top | item 42471139

(no title)

Fair enough on the device compromise point, that said the implementation is still terrible and illustrates what I would be worried about-

Maybe more succinctly put, how a credential is initially enrolled, managed and finally removed is an implementation detail which leaves room for funky implementations like the above.

I do agree that it is an improvement over passwords though. Furthermore I guess the same applies to password based logins where everybody just kind of wings it anyway.

discuss

No comments yet.