egorfine 5 days ago
Then hardware 2FA won't help.
smw 5 days ago
This seems to be a common misunderstanding. The major difference between passkeys and hardware 2FA (FIDO2/YubiKeys) and TOTP/SMS/Email solutions is that the passkey/YubiKey _also_ securely validates the site it's communicating with before sending validation, making traditional phishing attacks all but impossible.
tuckerman 5 days ago
Hardware 2FA, with something like passkeys (or even passkeys with software tokens), _would_ prevent this, as they are unique to the domain by construction so cannot be accidentally phished (unlike TOTP 2FA).