undefined | Better HN

0 pointsblintz6y ago0 comments

Even if the malware hijacks your session tokens, using something like WebAuthn prevents silent theft of a password, which is much more powerful (allows creation of new sessions).

0 comments

burner5894326y ago

If your host is infected with malware but it can't steal your passwords due to hardware boundaries, it still has access to your host at a pretty reasonable permission level.

In most corporate environments that's far more damaging than getting persistence in a handful of webapps.

Also, 2FA solves this exact issue.

j / k navigate · click thread line to collapse

0 comments

burner5894326y ago

If your host is infected with malware but it can't steal your passwords due to hardware boundaries, it still has access to your host at a pretty reasonable permission level.

In most corporate environments that's far more damaging than getting persistence in a handful of webapps.

Also, 2FA solves this exact issue.

j / k navigate · click thread line to collapse