That's why we need 2FA. @PayPalSecurity will you ever support U2F? https://twitter.com/josephfcox/status/832853549851803648 …
Replying to @flameeyes
That's why passwords need to die. Phishing would be impossible with all auth via client certs.
Replying to @RichFelker @flameeyes
I don't think you realise the consequences of that
-
BTW password managers and random passwords also solve the problem of phishing 100%.
Replying to @RichFelker @phenlix
I don't think so. It mitigates the risk of a phished password. But a phished PayPal password still puts my money at risk
Replying to @flameeyes @phenlix
Someone can't phish a password you don't know. Using pw manager means you NEVER KNOW ANY PASSWORDS. Only pw manager does
Replying to @RichFelker @phenlix
@salyavin fwiw if you haven't seen it last night, https://blog.flameeyes.eu/2017/02/password-managers-and-u2f/ … is the full reply to that.
-
I agree there are remaining UX probs with browsers, sites, and some/most pw mgrs that reintro phishing vectors
Replying to @RichFelker @flameeyes and
These mostly admit technical solutions: disallow copying or even seeing pw, force autofill, & ...
...when manually adding equiv domain, show just the domain (not obfuscation junk in url) & flag homoglyphs.