No warning when server uses not matching rpid for Passkey usage
When i try to login via Passkey on a server that sends a rpid in the challenge-json that does not match the domain there is only a warning in the console. Why is there no warning where any user can see it e.g. as a Pop-Up? I feel like this might be a way to get users to downgrade from passkey to password in a phishing-attempt.
Thanks for your Answers.
When i try to login via Passkey on a server that sends a rpid in the challenge-json that does not match the domain there is only a warning in the console. Why is there no warning where any user can see it e.g. as a Pop-Up?
I feel like this might be a way to get users to downgrade from passkey to password in a phishing-attempt.
Thanks for your Answers.
Всички отговори (1)
You need to check with their site support to ask what us going with the login.