On 4/23/20 7:35 PM, Matt Palmer wrote:
Passwords over the wire are the *key* problem of computer security. Nothing else even comes close. Hmm, a bold claim, but I'm confident the author will have strong support for
On Thu, Apr 23, 2020 at 06:31:04PM -0700, Michael Thomas wrote: their position.
One only needs to look at the LinkedIn salting problem That was a stored password problem, not a passwords-over-the-wire problem, but OK. I'm sure we'll be back on track shortly. You can't have a stored password problem if you never see them.
While I do think webauthn is a neat idea, and solves at least one very real problem (credential theft via phishing), you do an absolutely terrible job of making that case.
see RFC 4876, it is not about phishing. not even a little bit. Never has been. Please get a clue. Mike