Services with high-value accounts need to start implementing multiple privilege contexts.
PW isn't saved anyway; compromise is only a risk if your device is already backdoored.
-
-
Risk is live session token.
-
Ah, I actually do sync my passwords to my phone (and assume my phone isn't compromised). How do you see a session token being compromised?
-
Browser exploit, physical loss of control of device (theft/police/border), etc.
-
Ah, I see what you're defending against now. BTW I want multiple contexts anyways even though I'm not as concerned about my phone being sploited. My use case is "sign into GitHub on the university lab computers"
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.