top | item 33709413

(no title)

plorntus | 3 years ago

I was actually wondering if you could use this as another form of authentication (ignoring that WebAuthN and other such standards exists). For example create a font dynamically that when printing a specific string just outputs some form of data (eg. JWT encoded in a font glyph) that can be drawn to a canvas and read by the page.

Could be some form of incredibly sticky authentication, unless the user removes the font will never go away. Nefarious and not sure there would ever be a legitimate usecase but sounds doable.

discuss

moqmar|3 years ago

I think TLS client certificates are basically the equivalent to this approach.