Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The passkey pop-ups which are indistinguishable from javascript pop-ups are a particularly egregious security mistake.


What's the problem here? Javascript popups can't read your fingerprint so what would be the endgame of a fake passkey popup?


timeout after 10 seconds "fingerprint can't be read, please enter password"


They’re saying they shouldn’t look similar because it conveys authority otherwise.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: