undefined | Better HN

0 pointsheavenlyblue5y ago0 comments

One of the cool things of having a password manager is that a password manager can’t auto-complete the form for websites not sharing the domain with the old one.

If you don’t know the password yourself, then phishing is less effective as it’s quite rare that your password manager forgets that it needs to fill out the form for you.

0 comments

tialaramex5y ago

> ... then phishing is less effective as it’s quite rare

In practice users who're successfully being phished curse the password manager and override it. Not always but often enough.

WebAuthn bakes the site-specificity into the protocol thus preventing you from shooting yourself in the foot, even if you're convinced that's what you need to do.

j / k navigate · click thread line to collapse