by tialaramex 2136 days ago
Yeah, this is very annoying. It's not every company, but it's enough different companies to be a problem.

PayPal (a company that more or less constantly moans about phishing) operated www.paypal-special.com which is a tremendously phishy-looking name, but it was a real PayPal site until they shut it down.

One nice side effect of WebAuthn binding credentials to a dnsName is that you can't change domain names without trashing all the credentials. It's mechanically impossible. So when yet another marketing genius wants customers to go to some-daft-marketing-idea.example instead of your-actual-website.example they can put fluff on that site if they want, but any sign-in or other credentials stuff will need to happen on your-actual-website.example anyway.
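
The domain binding described in the comment above, as an added example that is not part of the original comment: a simplified sketch of the browser-side RP ID rule and the relying-party checks on the `origin` field and the `rpIdHash` in authenticator data. Signature and challenge verification and the public-suffix check are left out, the function names are hypothetical, and the sample assertion is constructed.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

REAL_RP_ID = "your-actual-website.example"           # names taken from the comment
REAL_ORIGIN = "https://your-actual-website.example"
MARKETING_RP_ID = "some-daft-marketing-idea.example"
MARKETING_ORIGIN = "https://some-daft-marketing-idea.example"


def rp_id_valid_for_origin(rp_id: str, origin: str) -> bool:
    """Browser-side rule: the RP ID must be the origin's host or a parent
    domain of it. Real browsers also refuse public suffixes; omitted here."""
    parts = urlsplit(origin)
    host = parts.hostname or ""
    return parts.scheme == "https" and (host == rp_id or host.endswith("." + rp_id))


def make_assertion(rp_id: str, origin: str, sign_count: int = 1):
    """Constructed sample of what an authenticator and browser emit."""
    flags = 0x01 | 0x04  # user present, user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + sign_count.to_bytes(4, "big")
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": "constructed-challenge"}).encode()
    return auth_data, client_data


def check_rp_binding(auth_data: bytes, client_data_json: bytes,
                     expected_rp_id: str, expected_origin: str) -> str:
    """Relying-party checks that tie an assertion to one domain."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    if client.get("origin") != expected_origin:
        return "origin mismatch"
    if len(auth_data) < 37:  # rpIdHash (32) + flags (1) + signCount (4)
        return "authenticator data too short"
    expected_hash = hashlib.sha256(expected_rp_id.encode()).digest()
    if not hmac.compare_digest(auth_data[:32], expected_hash):
        return "rpIdHash mismatch"
    return "ok"


if __name__ == "__main__":
    auth_data, client_data = make_assertion(REAL_RP_ID, REAL_ORIGIN)
    print(check_rp_binding(auth_data, client_data, REAL_RP_ID, REAL_ORIGIN))
    print(check_rp_binding(auth_data, client_data, MARKETING_RP_ID, MARKETING_ORIGIN))
    print(rp_id_valid_for_origin(REAL_RP_ID, MARKETING_ORIGIN))
```

An assertion made for the real site is rejected by a server expecting the marketing domain, and the marketing origin cannot claim the real site's RP ID in the first place.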