Paragraph 1: it is not only the resource owners' password that can be phished. OTP etc. can be phished as well.
I propose to change: "steal resource owners' passwords" to "steal resource owners' passwords and other credentials that are not phishing-resistant".
Also, as paragraph 2 advises, user education is important, but its effectiveness is somewhat limited.
It is better to advise authorization servers to deploy phishing-resistant authentication mechanisms.
Therefore, I propose to add a new paragraph 2 such as:
Service providers SHOULD implement phishing-resistant authenticator support.
A question: there are two instances of "should" in the current paragraph 2. Are they intended, or are they actually "SHOULD"?