381
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 24 Aug 2024
381 points (97.0% liked)
Asklemmy
43968 readers
781 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
Like those sites that ask me to sign in using Google (or other options) and then Google asks me for the password?
Pretty easy to grab passwords I think.
Those websites send you directly to Google, so they no longer have control of the web page when you're entering your password.
This is why Google sign-in can’t be embedded and uses the password input type for the password type. Most SSOs do this as well.
To clarify, websites can't capture keyboard events that were typed into a different website like you're thinking. Think of going to a web game that let's you use WASD for controlling your character. It's able to capture those events on that page because its in focus. When a site goes out of focus (such as switching tabs or switching to another window that's not the browser), it loses that ability. Overall, it's very secure.
I was more wondering how you thought capturing the mouse movements would lead to security issues.