| ▲ | RobotToaster 4 hours ago | |
One of my banks uses a card reader and pin to log in, seems more secure. | ||
| ▲ | microtonal 2 hours ago | parent | next [-] | |
Pins can still be phished. Just make the phishing a live proxy resembling the real site. A fundamental difference with e.g. FIDO2 (especially hardware-backed) is that the private credentials are keyed to the relying party ID, so it's not possible for a phising site to intercept the challenge-response. | ||
| ▲ | thefounder 44 minutes ago | parent | prev [-] | |
That’s just as bad. You need to take out the human error out of the equation. | ||