Comments (1)
SMS-based "authentication" has been 'restricted' by NIST circa 2017. https://www.onespan.com/blog/nist-softens-guidance-sms-authentication
At the same time, push notifications to a trusted app are much more secure. While the browser can't detect this (push to app) method directly, it is a better authentication method than SMS codes. I am concerned about the browser treating this method as a "mediated" method which is less secure than other methods which cannot be classified as "mediated". It may push sites to use less secure authentication methods, which weakens the security of the user.
from is-logged-in.
Related Issues (20)
- Could Site Engagement Serve the Same Purpose?
- Privileges that come with IsLoggedIn may push sites to mandate login HOT 1
- Can we cater for link-based logins, e.g. tap link in email => logged in HOT 5
- Use the term bucket for storage HOT 1
- Support for logins to sites requiring 2FA login
- What does logout mean in a federated context? HOT 5
- Browser rules for a 'proper' login flow
- Support for federated logins, or the ability to transfer IsLoggedIn HOT 10
- Supporting display name and avoiding misuse of them HOT 1
- Logging-in does not necessarily mean giving tracking consent
- Safari implementation of setLoggedIn API HOT 1
- Concurrent logins support for `navigator.isLoggedIn` method.
- Would it be possible to have it isomorphic?
- Potential use of First Party Sets for Single Sign-On
- Integration with FedCM (formerly WebID) HOT 9
- Potential requirement to have JS turned on to log in users to a site
- Consider changing the name of the spec to better convey purpose, align with conventions HOT 1
- Consider renaming API entry points to align with conventions, better convey purpose
- Use Case: Updating OS-integrated surfaces HOT 3
- advice/hooks for other login helper APIs to change login status