Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As I understand it, you need a secure & clean initial set-up, after which the user should not have to enter a key again as the handshake between your machine and Google will automatically change.

Phishing won't work if the user does not have to enter the key again. It requires a clean (no keylogger etc) initial setup. Once installed if someone phishes the end user wouldn't need to re-enter a key, thus defeating the phishing scheme.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: