
The primary flaw isn't BASIC AUTH. It's the password itself. Brute force attacks are easy. The only good way of securing anything is through an Authenticator app.



You can still have the server trigger an authentication confirmation when using basic auth. Web servers not coming with authentication apps is not a flaw, it is a completely separate component and scope.


And all it takes to break it is a compromised version floating around in WhatsApp groups saying Authenticator Plus would give you a blue theme.



