Puzzleheaded_Egg6362
Highest Rated Comments
Puzzleheaded_Egg6362 · 3 karma
Passkeys wouldn't be a help either, if you're a victim of the recent 'Microsoft Azure hosted subdomain hijacking'. Let's say you've enabled autofill; before you know it, you'll be authenticated as soon as you visit the phishing site with the similar top-level domain, whether it's a password or even passkeys. It all comes down to what 2FA you are using.
Puzzleheaded_Egg6362 · 3 karma
By passkeys autofill I mean that all it has to match is the domain name and TLD to prompt for passkeys for that website (no subdomain). And as a user, I would think that's legitimate. Idk if passkeys will be used for autologin or not. But in a rare scenario like the Azure case I mentioned before, it is a loophole for a phishing attack. It affects over 30k domains, then even passkeys fail there. Only 2FA will save you there.
Puzzleheaded_Egg6362 · 1 karma
And do you use the double-blind password strategy, also known as "horcruxing", "password splitting", or "partial passwords", for yourself? Or do you always store full passwords in Dashlane? Thanks
Puzzleheaded_Egg6362 · 0 karma
When will we see 'Passwordless login for Dashlane account' rolling out?
Puzzleheaded_Egg6362 · 14 karma
That's not what I meant. I mean if a subdomain is hijacked then passkeys will work on xyz.google.com, then you're screwed too.
Watch this video and read more. How terrifying it is!!
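
The WebAuthn scoping rule that the comments on domain matching and subdomain hijacking turn on, as an added example that is not part of the original comments: a passkey is bound to an RP ID, and a browser accepts that RP ID only from an HTTPS origin whose host equals it or is a subdomain of it. The hostnames and the three-entry suffix list are constructed for illustration; a real client consults the full Public Suffix List.

```javascript
// Constructed, minimal stand-in for the Public Suffix List (assumption).
const PUBLIC_SUFFIXES = new Set(["com", "net", "co.uk"]);

// Host part of an origin, or null if the origin is not https.
// Simplification: the browser's localhost exception is ignored here.
function effectiveDomain(origin) {
  const url = new URL(origin);
  if (url.protocol !== "https:") return null;
  return url.hostname.toLowerCase();
}

// True if a credential registered under rpId may be used from origin:
// rpId must equal the host or be a registrable domain suffix of it.
function rpIdAllowedForOrigin(rpId, origin) {
  const host = effectiveDomain(origin);
  if (host === null) return false;
  const id = rpId.toLowerCase();
  if (PUBLIC_SUFFIXES.has(id)) return false; // a bare public suffix is never valid
  return host === id || host.endsWith("." + id);
}

// Hypothetical cases: [RP ID the passkey was registered under, requesting origin].
const CASES = [
  ["example.com", "https://login.example.com"],           // intended login host
  ["example.com", "https://forgotten.example.com"],       // any other subdomain also matches
  ["login.example.com", "https://forgotten.example.com"], // host-scoped RP ID: sibling rejected
  ["login.example.com", "https://login.example.com"],     // host-scoped RP ID: login still works
  ["example.com", "https://example.com.lookalike.net"],   // look-alike domain never matches
  ["example.com", "http://login.example.com"],            // non-https origin rejected
];

// Evaluate every case and return one boolean per row.
function evaluateCases() {
  return CASES.map(([rpId, origin]) => rpIdAllowedForOrigin(rpId, origin));
}

for (const [i, ok] of evaluateCases().entries()) {
  console.log(CASES[i][0].padEnd(18), CASES[i][1].padEnd(36), ok ? "allowed" : "rejected");
}
```

Registering passkeys under the exact login host rather than the registrable domain keeps sibling subdomains out of scope, which is the relying-party-side control for the scenario discussed.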