Y
Hacker News
new
|
ask
|
show
|
jobs
by
ghayes
729 days ago
Ideally, the best defense here is a FIDO-compliant 2FA or Passkey that would properly not send a valid credential for a different domain.