by Dylan16807 1521 days ago
> I like how you completely ignored my statement about WebAuthn not needing a password. My original question to you said you didn’t need a password: “How is SRP materially better than WebAuthn, which is intended to be able to be used as a single factor authentication mechanism?”

I answered that immediately. You can use it in more places.

Otherwise, in places where you can use both, it's worse.

> I tried to be clear from the beginning that passwords aren’t the answer, in my opinion.

I agree with that idea, but then you said the only way to improve on things was 2FA or SSO which isn't right.

1 comments

> I answered that immediately.

You were conveniently ignoring it in the context where you claimed I was moving the goal posts.

I did not move the goal posts.

> I agree with that idea, but then you said the only way to improve on things was 2FA or SSO which isn't right.

That's an oversimplification of things, at best. I specifically linked to an older comment of mine for those who wanted more detail, and that comment recommended moving away from passwords entirely. You saw what you wanted to see. My summary in this thread was focused on the thread itself, which was discussing how to make password authentication more secure... and the way to do that is to add a second factor. Not security theater like client-side hashing as people were trying to propose higher in the thread.

This discussion is really boring at this point.

The context doesn't change your use of the word 'only'. It's not all or nothing. Passwords can be improved and we should use better things than passwords.