|
|
|
|
|
|
by lxgr
605 days ago
|
|
|
What about extending the protocol to an actual channel-bound challenge-response one, without the need for a (risky) out-of-band key exchange via a QR code? We could call it something like Web Authentication. I could even imagine small, keychain-sized USB authenticators that you have to touch a capacitive button on to approve an authentication :) |
|
|