by theshrike79 669 days ago
Do you manually check every site's SSL certificate before connecting? If not, how can you be sure there's not a MITM/Replay attack ongoing right now?

Very commonly, user databases are the ones being accessed for some reason, resulting in user data and salted passwords being released.

How so? I can social engineer an employee to give me the password for a site they have in the password manager. I can't make them give me the passkey because they can't do that. It's not something you can paste in a chat.


> not something you can paste in a chat

This is a fundamental and un-addressable problem with passkeys as currently implemented.

From a security perspective, not being able to “paste into chat” is a fundamental feature of passkeys. The whole point is to prevent a static secret which can easily be copied by an attacker, memorized, phished, or re-used across sites.