by lxgr 2498 days ago
True, this would defend against many practical attacks and is a huge security win by itself.

I'd just be careful about overly relying on this property or calling it anything like mutual authentication:

If an attacker can make an educated guess about a user's account contents, they could still convince them to provide additional personal information once they let their guard down after authenticating.