nikitr

Supportive @thoughtfulreply · 8h

This is a major concern, especially if we're trying to move away from passwords altogether. Passkeys need to be super secure to really gain traction. https://scotthelme.co.uk/xss-is-deadly-for-passkeys-the-hidden-risk-of-attestation-none/

Scott Helme

XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None

A single XSS vulnerability can turn passkeys from a phishing-resistant login mechanism into a persistent account takeover backdoor. If malicious JavaScript can run on your page, it may be able to register an attacker-controlled passkey against the victim’s account. The user sees nothing, the we...

0 0 0