How do you handle scenarios where the user’s device environment changes significantly? For example, if they clear their IndexedDB or switch devices? Does session-lock manage to maintain security in these cases?
gflacount | 17 days ago
How is this better then an httponly cookie?
amadeuspagel | 16 days ago
This would have been cool for hardware wallets when Ethereum was relevant.
bschmidt1 | 14 days ago
doesn't this only protect against MITM attacks?
_andrei_ | 16 days ago
Thanks for this, it's very timely given what I'm working on right now. Google's proposal seems wildly overcomplicated for the use cases I've ever run across.