|
|
|
|
|
|
by michaelt
468 days ago
|
|
|
Take a look at this browser popup box, asking the user to select which device to use for webauthn: https://filestore.community.support.microsoft.com/api/images... Now take a look at this browser popup box, inviting the user to grant access for webusb: https://developer.chrome.com/docs/capabilities/usb#get_acces... This isn't just clueless people clicking mindlessly without reading anything. The user wants to log in with their U2F key. They get a box asking if the website can access their U2F key. Even if they read and understand every word in the box, consult their security training (which tells them "when you log in with a U2F key a box will pop up asking you to select a device, that's normal") the only indication they're doing anything wrong is that the device selection box looks a bit different to normal. |
|
|