
It’s theatre because you still need the non-passkey recovery method. The system is as weak as its weakest link.


This is missing the forest for the trees. Phishing attacks won't ask you to reset your passkey - or if they do, they'll have to be much more complicated and targeted. This will dramatically reduce the attack surface threatening the vast majority of users.



