• jax@lemmy.cloudhub.social
    link
    fedilink
    English
    arrow-up
    4
    ·
    7 months ago

    Yeah, this seems like old news - cookies can be stolen, and FIDO doesn’t change that unless you are prompting the hardware token for validation with every request (which isn’t feasible for most things, though might be a good idea for sensitive actions).