Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> The vendors claim that this is to make phishing impossible

They do? I don't see how, since non-discoverable WebAuthN credentials make phishing just as impossible.

The only thing discoverable credentials allow on top of non-discoverable ones is avoiding having the user type in their username or email address.



yes, that is for "usernameless" login, in addition to passwordless. Does not increase security, improves usability a bit




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: