This vulnerability has nothing to do with password strength or security and everything to do with password reset security, i.e. email and improper handling of parameters to that reset API call.
Passkeys are interesting and potentially quite strong but they’re going to have to fall back to the same old reset mechanism if you e.g. drop your passkey device (phone) into a lake.
This vulnerability has nothing to do with password strength or security and everything to do with password reset security, i.e. email and improper handling of parameters to that reset API call.
Passkeys are interesting and potentially quite strong but they’re going to have to fall back to the same old reset mechanism if you e.g. drop your passkey device (phone) into a lake.
Or just make it clear your account is gone if you lose your passkey, so have a second key for backup or learn a hard lesson.