The other side of this is the Relying Party, a.k.a. the website operator that is relying on the user's password manager to be decently secure and resistant to phishing. Otherwise, why ditch passwords plus 2FA?
The website already has guarantees against phishing because those are enforced by the managers. What's prevented is the snooping case of taking an export and cloning it without the exporting manager being involved. This is essentially indistinguishable from many legitimate use cases like archival or access to deceased relatives' credentials, which users might want regardless of the website's preferences.
> The website already has guarantees against phishing because those are enforced by the managers.
There is no such guarantee if credential-stealing malware can export your private key material in plaintext!
If the malware can orchestrate the managers, why wouldn't they simply use that power to orchestrate the offline export as they were going to do anyway? The RP ID makes the process a bit noisy, but it doesn't seem to change the fundamental vulnerability for the credential owner.