@lunareclipse @solonovamax
I do wonder how the phishing resistance would work for anything that has multiple legitimate clients. Anything like IRC, xmpp, matrix, or even third party clients to closed silos. OAUTH isn't phishing resistant if the client logs in with that, but may be able to scope the impact. It's entirely possible I'm missing something fundamental.
Really the main benefit IMO is that it makes bad passwords not possible/effectively forces using a password manager, but then unfortunately it's hard to say the rollout is anything but a disaster.
walnut 🌱
@walnut@thesoftestpaws.net