Kurt Got Got

[giarc]

I'm sorry but the imagecontent-x.com url should throw red flags for anyone.

[tptacek]

This is exactly how not to defend against phishing. The meaningful defense is to foreclose on it entirely, not to just get super good at spotting fakes.

[classified]

> The meaningful defense is to foreclose on it entirely

Sounds easy enough in theory. How do you do that in practice?

[9dev]

Use passkeys. Bully services that don’t offer them or lock them behind enterprise plans into implementing them.

That’s it. The single working Defense against credential theft.