@scottwright @agent0x0 @secureideas Wow, Scott! This is one I hadn’t heard of. I just listened to the most recent (Nov. 7) episode. Really great! I love the conversation format and have already subscribed. Can’t wait to hear more. Thanks for highlighting this for me. Cheers!

@jerry @hacks4pancakes @da_667 I love that for you! It’s a crazy wonderful thing you’ve built here, and this frequent-visitor-from-another-instance is grateful for it, too!

@timhaines @schlink Right? That’s my question as well. I don’t think the added protection has as much to do with the U2F ensuring you’re at the correct URL (though password managers are a big help with this). Rather, I see the “unphishability” of U2F as due to the fact that no session token can be created/retained. Since U2F can be passwordless, and must be invoked for each and every authentication, login literally cannot occur without having the U2F key.

@stringlytyped I can imagine it may seem like no one but you suffers from that decision. But if it means anything at all, this stranger admires you for the decision. Hopefully you avoided a toxic work environment. Best of luck!

@unregistered436 Oh! Cool idea! Thanks for the tip