bmacho 9 days ago

I think GP has the following in mind:

  - user has an account on GOOD.COM
  - user has saved her password in her browser
  - user navigates to BAD.COM

In this case autofilled passwords are safe and convenient since they alarm the user that she isn't at GOOD.COM.

A clickable link sent in email mostly works too; it ensures that the user arrives at GOOD.COM. (If BAD sends an email too, then there is a race condition, but it is very visible to the user.)

A PIN code sent in email is not very good when the user tries to log in to BAD.COM.
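
The origin check behind the autofill case in the comment above, as an added example that is not part of the original comment or any real password manager's code. It assumes exact-origin matching over https only (real managers may match more loosely), and the `savedLogins` entry, the function names and all sample URLs are constructed, using the thread's GOOD.COM and BAD.COM placeholders:

```javascript
// Constructed vault entry: one login saved for the thread's placeholder site.
const savedLogins = [
  { origin: "https://good.com", username: "alice" },
];

// Canonical origin of a page URL, or null when the page must never be filled.
function pageOrigin(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl); // WHATWG parser: lowercases host, drops default port
  } catch {
    return null; // unparseable input gets nothing
  }
  if (url.protocol !== "https:") return null; // assumption: no fill on plaintext pages
  return url.origin; // scheme + host + port; userinfo and path are excluded
}

// Offer a saved login only when the page origin equals the saved origin exactly.
function loginsFor(pageUrl) {
  const origin = pageOrigin(pageUrl);
  if (origin === null) return [];
  return savedLogins.filter((login) => login.origin === origin);
}

// Constructed sample URLs: the genuine site and ways a page can merely look like it.
const samples = [
  "https://good.com/login",         // genuine
  "https://GOOD.COM:443/login",     // same origin after normalisation
  "https://bad.com/login",          // different site
  "https://good.com@bad.com/login", // "good.com" is only the userinfo part
  "https://good.com.bad.com/login", // subdomain of bad.com
  "http://good.com/login",          // right host, wrong scheme
];

for (const s of samples) {
  const offered = loginsFor(s).length > 0;
  console.log(`${s} -> ${offered ? "autofill offered" : "nothing offered"}`);
}
```

The absence of an autofill offer on the last four URLs is the signal the comment describes; a PIN that the user types in by hand has no equivalent check.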