WingNews logo WingNews
top | item 45170464

(no title)

anticristi | 5 months ago

This is really scary. It could have totally happened to me too. How can we design security which works even when people are tired or stressed?

Once upon a time, I used a software called passwordmaker. Essentially, it computed a password like hash(domain+username+master password). Genius idea, but it was a nightmare to use. Why? Because amazon.se and amazon.com share the same username/password database. Similarly, the "domain" for Amazon's app was "com.amazon.something".

Perhaps it's time for browser vendors to strongly bind credentials to the domain, the whole domain and nothing but the domain, so help me Codd.

discuss

order

samhh|5 months ago

Passkeys already solve for this, we just have to get past the FUD.

odie5533|5 months ago

In this case, how is the Passkey safer than 2FA?