> Yes, the idea you are presenting is that the human being must manually check for mistakes.

Not at all? The password manager handles that automatically, have you never used a password manager before?

> Passkeys will automate and enforce the check

What happens to the passkey when the origin changes, is it automatically recognising it as the new domain without any manual input? Curious to see what magic is responsible for that

▲

yawaramin 4 days ago | parent [-]

> Not at all?

Yes: '...you double-check the domain.' That's manually checking for mistakes.

> What happens to the passkey when the origin changes,

The passkey won't work at all. You will just have to create a new one.

▲

diggan 4 days ago | parent [-]

> Yes: '...you double-check the domain.' That's manually checking for mistakes.

Yes, but that's only when the origin changed compared to when you added it to the password manager. Same thing for Passkeys, won't work if the origin is different, so you double-check that the domain in your browser address bar is the correct one.

Obviously normally you don't do anything except click on the account that shows up, since the domain matches.

▲

yawaramin 3 days ago | parent [-]

With passkeys there is nothing to check manually. If it works, you know it's the domain you registered on. If it doesn't work, you log in with a non-phishable auth method like emailed magic link, then register a new passkey.

You could claim that a phishing site could set up their own passkey registration system–but that still wouldn't give them access to the target's real account.

	▲	diggan 3 days ago \| parent [-]
		> With passkeys there is nothing to check manually. If it works, you know it's the domain you registered on. If it doesn't work, So exactly the same as password managers, there is no functional difference if you were using a password manager...