This sounds like exactly what WebAuthn is for, and even better, ... • Aaron Parecki

45°F

SaraMG https://twitter.com/SaraMG • Mar 22
Is there any kind of JS+PHP "standard" for doing auth without ever sending any kind of replayable credential to the server? Something like a SCRAM conversation? Been thinking about ways of never allowing servers to see a plaintext password, and thus be unable to be compromised.

This sounds like exactly what WebAuthn is for, and even better, it's already implemented in browsers and available as a JS API!

Portland, Oregon, USA • 53°F

Sat, Mar 23, 2019 10:24am -07:00

2 likes 1 repost
- Jacky Alciné
Have you written a response to this? Let me know the URL:

Posted in /replies using quill.p3k.io