Services with high-value accounts need to start implementing multiple privilege contexts.
-
I mostly rely on 2FA shielding me from password compromises on my phone. Not good enough? (I know it's not equivalent)
-
PW isn't saved anyway; compromise is only a risk if your device is already backdoored.
-
Risk is live session token.
-
Ah, I actually do sync my passwords to my phone (and assume my phone isn't compromised). How do you see a session token being compromised?
-
Browser exploit, physical loss of control of device (theft/police/border), etc.
-
Ah, I see what you're defending against now. BTW I want multiple contexts anyways even though I'm not as concerned about my phone being sploited. My use case is "sign into GitHub on the university lab computers"
-
Yeah, I would like to see CI integrations which are not shown if not logged in but that's it.