Re: [webauthn] Proposal for password-only authentication using ES256 (#2091) from Shane Weeden via GitHub on 2024-07-02 (public-webauthn@w3.org from July 2024)

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Tue, 02 Jul 2024 19:50:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2204261805-1719949856-sysbot+gh@w3.org>

Not sure how this really offers protection against phishing. If a bad actor can present a phishing site with a dialog into which a user supplies their password, then the bad actor can use that password against the legitimate site later.

-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2091#issuecomment-2204261805 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 2 July 2024 19:50:59 UTC