No password? No worries! Two new standards aim to make logins an API experience

Andy Non Silver badge

So if I understand this correctly?

You log into a local application using gestures, fingerprints or whatever and the local application talks to a server and says "This really is John Smith here, I'd like to transfer some funds...". And the server says "OK, your ID has already been verified, so your funds are being transferred..."

So does this mean that if someone mimics the behaviour of the local API and protocol used to communicate with the server, they could fraudulently send bogus authentication messages to the server?

Sounds well dodgy to me if authentication isn't done at the server end.
