jotaen 5 days ago

> I have yet to see any solid, significant evidence that passkeys are materially more secure than a random 32-character password + TOTP 2FA.

I think the main selling point of passkeys is their ability to prevent phishing. A 32-character password + TOTP can still be entered on a phishing website, e.g. if you happen to follow a fabricated link. With passkeys, this is not possible by design.
rekabis 4 days ago

> A 32-character password + TOTP can still be entered on a phishing website, e.g. if you happen to follow a fabricated link.

…How? The password manager only permits exact links. If the URL does not have the UTF-8-identical characters to the correct URL - at which time, IT IS the correct URL - it will simply not populate the username and password fields.