| ▲ | account42 9 days ago | |
> I am not certain I believe it is very likely, because (a) I think "sign-in partner" is obvious bullshit It's looks almost the same as the log-in-with-big-tech flow that users are already used to. > and (b) I don't understand why I would never enter a code into the wrong website. I believe it can be possible, but... You enter it on the website you are trying to log into and where you initiated the action, which in this scenario is the BAD website. | ||
| ▲ | geocar 2 days ago | parent [-] | |
None of this convinces me the fantasy-scenario is likely, nor that passkeys would do anything to solve it: If the sign-in partner sends login-codes via email that it accepts via proxy servers, they're definitely not going to implement passkeys. | ||