WingNews logo WingNews
top | item 46305946

(no title)

jotaen | 2 months ago

> I have yet to see any solid, significant evidence that passkeys are materially more secure than a random 32-character password + TOTP 2FA.

I think the main selling point of passkeys is their ability to prevent phishing.

A 32-character password + TOTP can still be entered on a phishing website, e.g. if you happen to follow a fabricated link. With passkeys, this is not possible by design.

discuss

order

rekabis|2 months ago

> A 32-character password + TOTP can still be entered on a phishing website, e.g. if you happen to follow a fabricated link.

…How? The password manager only permits exact links. If the URL does not have the UTF-8-identical characters to the correct url - at which time, IT IS the correct URL - it will simply not populate the username and password fields.