Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protecting users against phishing #2294

Open
Changaco opened this issue Nov 5, 2023 · 1 comment
Open

Protecting users against phishing #2294

Changaco opened this issue Nov 5, 2023 · 1 comment
Labels
defense protecting ourselves, our users and innocent third-parties discussion issues that are undecided or for which feedback is invited

Comments

@Changaco
Copy link
Member

Changaco commented Nov 5, 2023

It looks like the risk of phishing has never really been discussed in this repository.

Currently Liberapay recommends either using a password manager, or not setting a password at all (and always logging in via email instead). Both of those options reduce the probability of a user being tricked into giving access to their account to an attacker, but they don't eliminate it, and of course not all users do what's recommended. Possible improvements include #926 and #2163. Feel free to post other suggestions here.
@Changaco Changaco added discussion issues that are undecided or for which feedback is invited defense protecting ourselves, our users and innocent third-parties labels Nov 5, 2023
@mimi89999
Copy link

Hello,

As I proposed in #2163 I think that it would be best to implement Passwordless Webauthn (Passkeys). It is both phishing resistant and very convenient.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defense protecting ourselves, our users and innocent third-parties discussion issues that are undecided or for which feedback is invited
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Changaco @mimi89999