|
|
|
|
|
|
by rkangel
839 days ago
|
|
|
This article is the exact reason why. (1) Requires some out-of-band information to authenticate. Information that people are used to keeping safe. On the other hand the URLs in (2) are handled as URLs. URLs are often logged, recorded, shared, passed around. E.g. your work firewall logging the username and password you used to log into a service would obviously be bad, but logging URLs you've accessed would probably seems fine. [the latter case is just an example - the E2E guarantees of TLS mean that neither should be accessible] |
|
|