gnyman's Twitter Archive—№ 1,001

  1. …in reply to @JuhoJauhiainen
    @JuhoJauhiainen @HelSecurity With U2F the domain is used (somehow, I have not read the spec) when asking for the approval, so it would fail due to the phishing domain != google. Didn't find the exact source, only people agreeing U2F is not MITM-able: medium.com/@peterkaminski/2fa-phishing-u2f-to-the-rescue-fb46e91d3ccb
    1. …in reply to @gnyman
      @JuhoJauhiainen @HelSecurity So my recommendation for anyone worried about this is to use U2F/WebAuthn, now finally supported even in Safari. With SoftU2F you can use the SEP as a built-in key on Macs. And I think Safari 14 will support WebAuthn with Touch/Face ID natively: bugs.webkit.org/show_bug.cgi?id=213595
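
The origin binding these tweets refer to, as an added example that is not part of the original thread: a Python sketch of the relying-party checks on a WebAuthn assertion, showing why a relayed challenge fails when the key was used on a look-alike domain. The domains, function names and byte layout shortcuts are constructed for illustration, and signature verification is left out.

```python
import base64, hashlib, hmac, json, os

RP_ID = "accounts.example"                    # constructed relying-party ID
EXPECTED_ORIGIN = "https://accounts.example"  # constructed origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(page_origin: str, rp_id: str, challenge: bytes):
    """Simulates what browser + key produce. The browser, not the page,
    fills in `origin`, and the key hashes the RP ID it was asked for."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": page_origin,
    }).encode()
    # authenticatorData: rpIdHash (32 bytes) | flags (1) | signCount (4)
    rp_hash = hashlib.sha256(rp_id.encode()).digest()
    auth_data = rp_hash + b"\x01" + (1).to_bytes(4, "big")
    return client_data, auth_data

def verify(client_data: bytes, auth_data: bytes, challenge: bytes) -> str:
    """Relying-party checks. A real server also verifies the signature over
    auth_data || SHA-256(client_data), so a proxy cannot rewrite either."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "bad type"
    if not hmac.compare_digest(cd.get("challenge", ""), b64url(challenge)):
        return "bad challenge"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if not hmac.compare_digest(auth_data[:32],
                               hashlib.sha256(RP_ID.encode()).digest()):
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:              # UP flag: user touched the key
        return "user not present"
    return "ok"

def demo():
    challenge = os.urandom(32)
    legit = browser_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    # Constructed look-alike site relaying the real challenge: the browser
    # still records the page's own origin, and the key hashes that site's ID.
    relayed = browser_assertion("https://accounts-example.test",
                                "accounts-example.test", challenge)
    return verify(*legit, challenge), verify(*relayed, challenge)

if __name__ == "__main__":
    print(demo())
```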