zlacker

[parent] [thread] 1 comments
1. lxgr+(OP)[view] [source] 2024-12-27 04:51:30
> The vendors claim that this is to make phishing impossible

They do? I don't see how, since non-discoverable WebAuthN credentials make phishing just as impossible.

The only thing discoverable credentials allow on top of non-discoverable ones is avoiding having the user type in their username or email address.

replies(1): >>drhuse+Tq
2. drhuse+Tq[view] [source] 2024-12-27 12:44:14
>>lxgr+(OP)
yes, that is for "usernameless" login, in addition to passwordless. Does not increase security, improves usability a bit
[go to top]