I use LastPass on my phone (Chrome), Macbook Pro (Chrome, Firefox, Safari), and Windows machine (Firefox). secure enclave, etc.) Ideally I'd like to be able to configure Webauthn to work from *multiple* browsers on *multiple* computers. Numerous browsers now support Webauthn on phones and computers where the environment has been deemed secure (i.e. Thankfully that is not required for LastPass currently. ![]() Webauthn with SMS recovery is basically a huge security risk at this point. I now view SMS messages as an account recovery option as a liability since it has been shown recently how easy it is to hijack a phone number (Google search for recent accounts of this). ![]() In addition to the security concerns already mentioned, I'll bring up another few points.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |