by coder543
1522 days ago
I like how you completely ignored my statement about WebAuthn not needing a password. My original question to you said you didn’t need a password: “How is SRP materially better than WebAuthn, which is intended to be able to be used as a single factor authentication mechanism?” WebAuthn as a single factor means there is no password or TOTP or anything else. Just WebAuthn. You can go back to my very first comment where I said “The real way to add more security is to minimize dependence on passwords”. I tried to be clear from the beginning that passwords aren’t the answer, in my opinion. Yes, people are psychologically accustomed to having a password in addition to other things, but I don’t see the password as actually contributing much to the security. My first comment also linked to another comment of mine from two months ago where I said “I would personally push away from passwords on the whole at this point.” I definitely wasn’t moving the goal posts at any point, as I can point to multiple examples of holding this position the whole time, but I know that I’m not always the clearest communicator.
I answered that immediately. You can use it in more places.
Otherwise, in places where you can use both, it's worse.
> I tried to be clear from the beginning that passwords aren’t the answer, in my opinion.
I agree with that idea, but then you said the only way to improve on things was 2FA or SSO which isn't right.