Hacker News new | ask | show | jobs
by JonathanBeuys 901 days ago
Yes. The auth part should not be displayed when you hover over a bookmark. Chromium does not display it.

In the end, every security mechanism is "plain text". Even ssh keys. When someone gains access to your ssh key, which is just an ascii string, they can log in as you.
1 comments
pprotas 901 days ago
My SSH keys are protected with a password, on top of that I have a biometric lock (MacBook fingerprint reader) on my SSH keys. So they would only grant access to someone that 1. has access to my computer, 2. knows the password (which only I know) and 3. has my finger. Definitely more than just plain text!

I strongly suggest looking into multi-factor authentication, or other modern authorization/security mechanisms if you want to see examples of security systems that are not just plain text.

> Chromium does not display it.

Security by obscurity is not ideal, although I can understand that the lack of this feature in Firefox hinders your usecase.

link
JonathanBeuys 901 days ago
Same here. You can't just access my auth data over the internet.

You would also have to get hold of my machine and get past it's security mechanisms.

You can put as many layers on top of what you call "obscurity". But at the bottom it's still just a simple string that holds the power to authenticate you.

And "multi-factor authentication" does not help with the situation "User is allowed to use this script, so they are also allowed to use that website. Let's open it for them.".

link