Hacker News new | past | comments | ask | show | jobs | submit login

How will you avoid fake login pages? Those can even phish SMS and TOTP 2FA.

Yubikey 2FA (and equivalents) help to solve this.




Bitwarden will show if I'm not on the right domain. It's not perfect, but a USB key is a nonstarter for me (going back to "I'm more worried about locking myself out than someone else getting in.")




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: