Y
Hacker News
new
|
ask
|
show
|
jobs
by
eyeareque
1375 days ago
Does this passwordless future still involve getting a cookie in your browser that can be stolen and used from an attackers machine? If so, we still have a problem to fix.
2 comments
madjam002
1375 days ago
AFAIK Token binding was designed to solve this problem, but was removed from Google Chrome for being too complicated for the benefits it brought.
Not sure if there is anything else in the works.
link
stavros
1375 days ago
How would you propose doing sessions instead?
link
eyeareque
1375 days ago
This seemed promising but it doesn’t look like it had any traction
https://www.rfc-editor.org/rfc/rfc8471
link
Not sure if there is anything else in the works.