Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Honest question: isn't that introducing some weaknesses, allowing the attacker to either reactivate password auth or add it's own passkey eh by tricking the user in accepting that change after receiving a mail with a link to accept that change? That would make the passkey unbreakable, but leave other easier to exploit weaknesses.


No. You always need that flow.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: