top | item 32776076 (no title) eyeareque | 3 years ago Does this passwordless future still involve getting a cookie in your browser that can be stolen and used from an attackers machine? If so, we still have a problem to fix. discuss order hn newest madjam002|3 years ago AFAIK Token binding was designed to solve this problem, but was removed from Google Chrome for being too complicated for the benefits it brought.Not sure if there is anything else in the works. stavros|3 years ago How would you propose doing sessions instead? eyeareque|3 years ago This seemed promising but it doesn’t look like it had any traction https://www.rfc-editor.org/rfc/rfc8471
madjam002|3 years ago AFAIK Token binding was designed to solve this problem, but was removed from Google Chrome for being too complicated for the benefits it brought.Not sure if there is anything else in the works.
stavros|3 years ago How would you propose doing sessions instead? eyeareque|3 years ago This seemed promising but it doesn’t look like it had any traction https://www.rfc-editor.org/rfc/rfc8471
eyeareque|3 years ago This seemed promising but it doesn’t look like it had any traction https://www.rfc-editor.org/rfc/rfc8471
madjam002|3 years ago
Not sure if there is anything else in the works.
stavros|3 years ago
eyeareque|3 years ago