Passkeys are phishing resistant, or so they say… but the web app still needs to let you in with password + 2FA… So I’m not sure how much that’s really worth.
I guess if the users are typically never seeing a 2FA prompt then it should be more suspicious when they see one?
Passkeys are phishing resistant, or so they say… but the web app still needs to let you in with password + 2FA… So I’m not sure how much that’s really worth.
I guess if the users are typically never seeing a 2FA prompt then it should be more suspicious when they see one?