|
|
|
|
|
|
by heavenlyblue
2231 days ago
|
|
|
One of the cool things of having a password manager is that a password manager can’t auto-complete the form for websites not sharing the domain with the old one. If you don’t know the password yourself, then phishing is less effective as it’s quite rare that your password manager forgets that it needs to fill out the form for you. |
|
|
In practice users who're successfully being phished curse the password manager and override it. Not always but often enough.
WebAuthn bakes the site-specificity into the protocol thus preventing you from shooting yourself in the foot, even if you're convinced that's what you need to do.