Okay? What relevance is this, if the phishing site just asks for a password then... | Hacker News

HN2new | past | comments | ask | show | jobs | submit

		mort96 on Dec 18, 2024 \| parent \| context \| favorite \| on: Microsoft Confirms Password Deletion for 1B Users Okay? What relevance is this, if the phishing site just asks for a password then some users will enter their passwords even if they also have a passkey for that service. They aren't "not getting the credentials of people with a passkey", they are "not getting the credentials of some of the people who remember that they have a passkey and get extra suspicious because the passkey thing doesn't pop up".

ylk on Dec 18, 2024 [–]

I’m saying most people who do phishing likely don’t care to implement passkey detection to display a relevant error message to the user, as it’s not worth the effort, as of now

mort96 on Dec 18, 2024 | [–]

Which means they'll just ask for passwords, which users will happily input since they know they have a password for the service.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact