Hacker News

iknowstuff | yesterday at 8:36 PM | 1 reply

Yeah you just allow setting a new passkey by sending an email link, just like password resets. Passkeys don't have to be remembered, can't be phished, and don't need 2FA.


Replies

c7b | yesterday at 9:02 PM

That's highly misleading to outright misinformation.

> Passkeys don't have to be remembered

Because you need an app for the login flow. You also don't have to remember passwords if you use a password manager app.

> don't need 2FA

Not true, a second factor in the form of, e.g., a biometric ID or PIN is mandatory.

Phishing resistance exists, but only truly so if you completely surrender control over your device and access to your credentials. Something that the same organizations who you'll depend on for Passkeys are actively pushing for through various initiatives.