|
|
|
|
|
|
by 8organicbits
1586 days ago
|
|
|
I'm thinking about the password replacement use case. If an attacker (somehow) was to profile my typing, presumably they'd be able to replay keystrokes matching my own. Is there a way to "change my password" in those scenarios, or are there some sort of liveness checks you can perform to defeat replay? I registered, but I was surprised to see the registration used username+password. I suppose different use cases require different tech, but that was unexpected. |
|
|