datguacdoh | 5 years ago

This is what makes security keys so great, you can't steal a token from one domain and use it on another. They completely remove this type of attack, which no amount of training will ever fully protect you from. You can't put the onus on the employee, you have to make it impossible for them to do the wrong thing in this case.

oefrha|5 years ago

Any password manager with browser integration can make sure you don’t fill in credentials on the wrong domain. No need for additional hardware.

munchbunny|5 years ago

That just stops you from automatically entering the password. A security key will literally not authenticate in that situation.

Defense in depth is just as much of a thing for personal security as network security.
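
The domain binding discussed in this thread, as an added example that is not part of any comment above: the WebAuthn relying-party checks that tie a security-key assertion to one site, written in Python. The domains, challenge and both assertions are constructed sample values, the function names are hypothetical, and signature verification over these same bytes is assumed to happen separately.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def origin_binding_errors(client_data_json, authenticator_data,
                          expected_origin, rp_id, expected_challenge):
    """Return the names of the failed binding checks (empty list = bound to us)."""
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("type")
    if client.get("challenge") != b64url(expected_challenge):
        errors.append("challenge")
    # The browser, not the page, records the origin that requested the assertion.
    if client.get("origin") != expected_origin:
        errors.append("origin")
    # Authenticator data starts with SHA-256 of the RP ID the key signed for,
    # followed by 1 flags byte and a 4-byte signature counter.
    if len(authenticator_data) < 37:
        errors.append("authenticator_data_length")
    elif authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        errors.append("rp_id_hash")
    return errors


def constructed_assertion(origin, rp_id, challenge):
    """Build sample clientDataJSON and authenticator data (constructed, unsigned)."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    flags, sign_count = b"\x05", (7).to_bytes(4, "big")  # UP|UV set, counter 7
    return client_data, hashlib.sha256(rp_id.encode()).digest() + flags + sign_count


CHALLENGE = b"constructed-challenge-0001"
# Same challenge, but the second assertion was produced on a look-alike domain.
LEGIT = constructed_assertion("https://login.example.com", "example.com", CHALLENGE)
RELAYED = constructed_assertion("https://login.examp1e.test", "examp1e.test", CHALLENGE)


def demo():
    expected = ("https://login.example.com", "example.com", CHALLENGE)
    return (origin_binding_errors(*LEGIT, *expected),
            origin_binding_errors(*RELAYED, *expected))
```

Both the origin and the RP ID hash are covered by the authenticator's signature, so the site serving the page cannot rewrite them after the fact.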