It looks like the risk of phishing has never really been discussed in this repository.
Currently Liberapay recommends either using a password manager, or not setting a password at all (and always logging in via email instead). Both of those options reduce the probability of a user being tricked into giving access to their account to an attacker, but they don't eliminate it, and of course not all users do what's recommended. Possible improvements include #926 and #2163. Feel free to post other suggestions here.
It looks like the risk of phishing has never really been discussed in this repository.
Currently Liberapay recommends either using a password manager, or not setting a password at all (and always logging in via email instead). Both of those options reduce the probability of a user being tricked into giving access to their account to an attacker, but they don't eliminate it, and of course not all users do what's recommended. Possible improvements include #926 and #2163. Feel free to post other suggestions here.