Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
KingOfCoders 9 days ago

Please log into BAD.com - we're a login provider to GOOD.com with a higher security level, from now on use BAD.com to log into GOOD.com

Why would I put a secret code from GOOD.com into BAD.com? That's the core of the problem.

If you put a code you get from GOOD.com into BAD.com, it's like you put a password from GOOD.com into BAD.com - don't do that.

Hackbraten 9 days ago | parent [-]

> If you put a code you get from GOOD.com into BAD.com, it's like you put a password from GOOD.com into BAD.com - don't do that.

A password manager will protect me from doing the latter. There’s no way it can protect me from doing the former.

Any human can be tricked, no matter how smart they are. A bad actor just has to wait for the right moment. No amount of “don’t do that” can change that fact.

KingOfCoders 8 days ago | parent [-]

If a website says "Do this" and you're the person who follows random websites against security practices, because you believe in authority, a password manager does not help. You will open the password manager, search for GOOD.com and put it into BAD.com and be angry that your password manager can't do that for you.

"Any human can be tricked, no matter how smart they are."

and

"A password manager will protect me from doing the latter."

Don't work together. Either everyone can be tricked or not.

It says "Everyone can be tricked" but I can't be tricked because I use a password manager.

Hackbraten 8 days ago | parent [-]

> you're the person who follows random websites against security practices, because you believe in authority

There are many reasons why such lapses of judgements happen, even to people who don’t believe in authority. For example, the fact that any human can be tricked.

> Don't work together. Either everyone can be tricked or not.

The password manager protects me from filling my password into the wrong site.

The password manager will not protect me from BAD.com tricking me into handing them out a one-time code that GOOD.com sent me via email.

KingOfCoders 8 days ago | parent [-]

So everyone can be tricked except you, because you use a password manager.

Hackbraten 8 days ago | parent [-]

I literally wrote in my last sentence that I can still be tricked.

KingOfCoders 8 days ago | parent [-]

The excuse me, I read the last sentence differently.