<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@dalias" class="u-url mention">@<span>dalias</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@glyph" class="u-url mention">@<span>glyph</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@mcc" class="u-url mention">@<span>mcc</span></a></span> PKI-based authentication is strictly better than what you're suggesting since you can no longer steal a credential (other than from the password manager), no matter what happens with the browser or the website</p>
