That's why passwords need to die. Phishing would be impossible with all auth via client certs.
No, don't disallow it on the site side. Disallow it on the pw mgr side. It should only auto-enter, never show.
sure, and then no *real* (read: not-security-nerd) person uses it because it's a pain to use for, say, ebay.
see my note about my stupid bank "anti-phishing" measure.
for a pw mgr to correctly authenticate the website and the authentication realm is really tricky
Yes, but reliably automating it is the only way to get security for non-experts without abolishing passwords.
great, we agree! But AFAICT nobody worked on my proposal or similar ones. So pwmanagers are no solution today