#passkeycreation — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #passkeycreation, aggregated by home.social.
-
@timcappalli : and IMO it's a HUGE problem that paskeys are advertised using BULL SHIT.
What makes passkeys phishing resistant is that (the most important part of) the domain name stored with the passkey's private key on your device must match the domain name shown in the browser's address bar *AND* https must be in use.
And typically passkeys *do not* "stay" on your device as they are usually backed up to cloud storage.
-
@timcappalli : you (and Capital One) forgot to mention the most important thing:
WHEN CREATING A PASSKEY: TRIPLE-CHECK THAT YOU'RE ON A WEBSITE USING THE *CORRECT* DOMAIN NAME!
There is ZERO phishing-resistance while CREATING a passkey.