How does Web3Auth prevent a fake website from asking the user to log in with a social account, which they used to log in on the original/authentic website, and stealing the reconstructed private key?
In other words, does it give you a different key depending on the origin (URL) that's asking for the login?
Thank you for your thoughtful question about security in Web3Auth, particularly regarding phishing attacks. It’s essential to ensure your users feel safe while using your applications.
To address your concern, Web3Auth employs certain measures to mitigate phishing attempts, such as:
Origin Verification: Web3Auth can help ensure that the authentication requests come from trusted origins. It typically associates the login session with the domain from which the user logged in, preventing unauthorized use from different sources.
Dynamic Key Generation: Web3Auth uses techniques that may allow for different keys or sessions based on the origin, thus adding a layer of security. However, it’s crucial to review the implementation and documentation for specific details.
For further clarity, could you let us know the SDK version you are using? This information will help the support team provide a more targeted response.
Thanks again for raising this important issue!
Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.
Adding to the things our Web3Auth Bot has mentioned, Web3Auth is a wallet infrastructure, which means the keys generated are unique for each integration and user. Your OAuth 2 credentials and dapp credentials (client ID, verifiers, etc.) generate a unique key for the user, specific to your dapp.
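The two mechanisms raised in this thread, an origin whitelist bound to the dapp's client ID and a user key that depends on the dapp's own verifier rather than on the social account alone, can be modelled in a few lines. The block below is an added illustration, not Web3Auth's code; it does not reproduce its threshold-key network, and the HKDF-based derivation, the `MASTER_SECRET`, the registry of client IDs, verifiers and origins, and the e-mail address used as the social identity are all constructed for the example. What it shows is why the phishing scenario in the question fails in such a design: a phishing site that registers its own project gets its own verifier, so the same Google login yields a different key, and a phishing site that instead reuses the authentic client ID is rejected because its origin is not on that client's whitelist.

```python
import hashlib
import hmac

# Constructed stand-in for the secret material held by the key service.
# In a real deployment this is never a single value on one host.
MASTER_SECRET = b"constructed-master-secret-not-a-real-value"

# Constructed registry: each dapp (client ID) is bound to the verifier
# it registered and to the origins it whitelisted at registration time.
REGISTRY = {
    "client-authentic": {
        "verifier": "authentic-dapp-google",
        "origins": {"https://authentic.example"},
    },
    # The attacker registered their own project: their own verifier,
    # their own look-alike origin.
    "client-phish": {
        "verifier": "phish-dapp-google",
        "origins": {"https://authentic-login.example"},
    },
}


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract + expand) with HMAC-SHA256, using only stdlib."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_user_key(verifier: str, verifier_id: str) -> bytes:
    """Assumed derivation: the key is bound to (verifier, verifier_id), not to
    the social identity alone. Different verifier, different key."""
    return hkdf_sha256(
        ikm=MASTER_SECRET,
        salt=verifier.encode(),
        info=b"user-key:" + verifier_id.encode(),
    )


def login(client_id: str, origin: str, social_identity: str) -> str:
    """Simulated login: enforce the origin whitelist for this client ID, then
    derive the per-dapp user key. Returns the key as hex."""
    project = REGISTRY.get(client_id)
    if project is None:
        raise KeyError(f"unknown client id {client_id!r}")
    if origin not in project["origins"]:
        # A phishing page reusing the authentic client ID lands here.
        raise PermissionError(f"origin {origin!r} not whitelisted for {client_id!r}")
    return derive_user_key(project["verifier"], social_identity).hex()


if __name__ == "__main__":
    user = "alice@example.com"  # constructed social identity (same Google account everywhere)
    authentic = login("client-authentic", "https://authentic.example", user)
    phish = login("client-phish", "https://authentic-login.example", user)
    print("authentic key:", authentic)
    print("phishing key: ", phish)
    print("same key?    ", authentic == phish)
    try:
        login("client-authentic", "https://authentic-login.example", user)
    except PermissionError as exc:
        print("reused client id rejected:", exc)
```

The check a practitioner should take from this: whitelisting origins on the client ID only helps if the key service actually enforces it on every login, and the per-verifier derivation only helps if the verifier is something the attacker cannot register under your name. Both belong in a dapp's threat model alongside the usual browser-side phishing defences.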