I'm very confused after reading https://www.theverge.com/2018/4/10/17215406/webauthn-support-chrome-firefox-edge-fido-password-free What is the relationship between password free systems and phishing?
And remember, the more factors the better. Raplacing passwords with devices is just replacing something I know with something I have. It's just different attack vectors.
@lgs My understanding is that the browser verifies you are at gmail.com and not at gmai1.com. The browser won' t be phished because it checks every Unicode character of the domain is right, unlike a human, who would just read and get tricked by look-alike Unicode characters.
But yes, the more factors the better. Otherwise if I still your device I can p0wn your accounts.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!