by acdha 1123 days ago
That last part is huge: the FIDO-2/WebAuthn protocol includes the hostname so there’s no way to have a challenge from server A get a response which could be used on server B. That alone is worth the switch since so many people get painfully phished into entering an important password on the attacker’s server.
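The hostname binding described in the comment above, sketched from the relying party's side as an added example (not part of the original comment and not any library's code). It covers only the challenge, origin and RP ID hash checks; signature verification over the authenticator data is omitted, and the host names, `simulated_client` and `check_binding` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

RP_ID = "example.com"                          # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumed origin of the real site

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def simulated_client(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for browser + authenticator output.
    In a real ceremony the browser, not the page, fills in `origin`."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4)
    flags = b"\x05"  # user present + user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + (1).to_bytes(4, "big")
    return client_data, auth_data

def check_binding(client_data: bytes, auth_data: bytes, issued: bytes) -> str:
    """Return "ok" or the reason the assertion is rejected."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "wrong type"
    if not hmac.compare_digest(cd.get("challenge", ""), b64url(issued)):
        return "challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if len(auth_data) < 37 or not hmac.compare_digest(auth_data[:32], expected_hash):
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "user not present"
    return "ok"

def demo():
    challenge = secrets.token_bytes(32)
    genuine = simulated_client(EXPECTED_ORIGIN, RP_ID, challenge)
    # Same challenge answered on a look-alike host (constructed name).
    relayed = simulated_client("https://login.example.com.phish.test",
                               "phish.test", challenge)
    return check_binding(*genuine, challenge), check_binding(*relayed, challenge)

if __name__ == "__main__":
    print(demo())
```
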