by hackermatic 1023 days ago
Basically, this is because web authentication has been very weak for far too long, and it's gotten to the point where attackers literally operate as a business, with human resource departments, call centers, and all.

Unfortunately, the extra security measures are basically bolted on, and I mean that in terms of the existing architecture of websites/applications, the user interface flows (as you've noticed), and the authentication schemes themselves, like using SMS for two-factor.

The good news is that with standards like WebAuthn, a lot of authentication flows will become faster, more automated, and more secure, because your browser or OS will manage really strong credentials for you, and maybe prompt you for a PIN or biometric scan to unlock your local device's credential store. The bad news is that it will take a while to roll this out, and it still won't replace things like passwords or in-person processes in all cases.

One intro to WebAuthn is here: https://webauthn.guide/
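The comment above mentions that WebAuthn lets the browser or OS hold the credential and gate it behind a PIN or biometric check. The relying party has to confirm that on its side by reading the authenticator's flags, not by trusting the client. This is an added example, not the commenter's code and not from webauthn.guide; the sample assertion data and the names `check_assertion`, `make_auth_data` and `example.com` are constructed for illustration, and signature verification over `authData || SHA-256(clientDataJSON)` with the stored public key is deliberately left out so the flag and client-data checks stand on their own.

```python
import base64
import hashlib
import json
import struct

# Bits in the authenticatorData flags byte (WebAuthn spec, section 6.1).
FLAG_USER_PRESENT = 0x01   # UP: someone touched/approved on the device
FLAG_USER_VERIFIED = 0x04  # UV: device checked a PIN or biometric


def b64url_decode(s: str) -> bytes:
    """Decode base64url without padding, as browsers emit it in clientDataJSON."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed 37-byte prefix: rpIdHash(32) | flags(1) | signCount(4, big-endian)."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    return {
        "rp_id_hash": auth_data[:32],
        "flags": auth_data[32],
        "sign_count": struct.unpack(">I", auth_data[33:37])[0],
    }


def check_assertion(client_data_json: bytes, auth_data: bytes, expected_challenge: bytes,
                    expected_origin: str, rp_id: str, require_uv: bool = True) -> list:
    """Relying-party checks on an assertion (navigator.credentials.get result).
    Returns the names of failed checks; an empty list means all checks passed.
    Signature verification is intentionally omitted here (see lead-in)."""
    errors = []
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        errors.append("type")
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:  # replay protection
        errors.append("challenge")
    if cd.get("origin") != expected_origin:  # phishing protection: browser fills this in
        errors.append("origin")
    ad = parse_authenticator_data(auth_data)
    if ad["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        errors.append("rpIdHash")
    if not ad["flags"] & FLAG_USER_PRESENT:
        errors.append("user_present")
    if require_uv and not ad["flags"] & FLAG_USER_VERIFIED:  # the PIN/biometric step
        errors.append("user_verified")
    return errors


# Constructed sample input standing in for what a browser would return for example.com.
CHALLENGE = bytes(range(32))
CLIENT_DATA = json.dumps({"type": "webauthn.get",
                          "challenge": base64.urlsafe_b64encode(CHALLENGE).rstrip(b"=").decode(),
                          "origin": "https://example.com"}).encode()


def make_auth_data(flags: int, count: int = 7) -> bytes:
    """Build a constructed authenticatorData prefix for rpId example.com."""
    return hashlib.sha256(b"example.com").digest() + bytes([flags]) + struct.pack(">I", count)


if __name__ == "__main__":
    ok = check_assertion(CLIENT_DATA, make_auth_data(FLAG_USER_PRESENT | FLAG_USER_VERIFIED),
                         CHALLENGE, "https://example.com", "example.com")
    print("failed checks:", ok)  # [] when UP and UV are both set
```

A relying party should also persist `sign_count` and reject assertions whose counter does not increase, which catches a cloned authenticator.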