undefined | Better HN

0 pointsPakG18y ago0 comments

There are no good options until someone figures out a good alternative to passwords.

0 comments

'U2F + password' is very secure and can't be phished if implemented fully. However, even Google doesn't do U2F correctly :( U2F authentication needs to happen _every_ time a new TLS session is established in order to be 100% phish proof

j / k navigate · click thread line to collapse

0 pointsPakG18y ago0 comments

There are no good options until someone figures out a good alternative to passwords.

0 comments

exabrial8y ago

'U2F + password' is very secure and can't be phished if implemented fully. However, even Google doesn't do U2F correctly :( U2F authentication needs to happen _every_ time a new TLS session is established in order to be 100% phish proof

j / k navigate · click thread line to collapse