Not too au fait with FIDO2 details. How exactly would i help in this instance if... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

anonymousDan on Sept 1, 2023 | parent | context | favorite | on: The low, low cost of committing cybercrime

Not too au fait with FIDO2 details. How exactly would i help in this instance if the the user believes they are entering their details into a valid MS form? Is it that the attacker would only be able to log in once?

Dachande663 on Sept 1, 2023 [–]

AFAIK webauthn uses the domain as passed from the browser. So user might see micorsoft.com, but to the device it's a different domain so it won't pass on the keys.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact