alt Hacker NewsA threat model is you can steal the creds of any high clearance officer in the organization. If they reuse the password on the network, you now have unfettered access.
SSO is much more common these days, but that it wasn't the case back then.
A threat model is you can steal the creds of any high clearance officer in the organization. If they reuse the password on the network, you now have unfettered access.
SSO is much more common these days, but that it wasn't the case back then.
Steal the creds by doing what, though? Most attacks could get their password even if it wasn't in the cookie.
And password managers have been plenty well known for a long time.