Ricky MondelloDec 30, 2024
I vibe with this. Does anyone have any examples of where and how any vendor’s dialogs around passkeys might lead people astray? The more feedback, the better.
https://infosec.exchange/@adamshostack/113743707996398149
Adam Shostack :donor: :rebelverified: (@[email protected])

@[email protected] I think the biggest thing is to (a) ensure dialogs are clear about what software is presenting them (b) where it plans to store the key and (c) letting people configure what their preference is for passkey management. Err, “things are”

Infosec Exchange
Show threadDale PriceDec 30, 2024

@rmondello Safari always offers to use a Passkey in the username/password field of Apple’s own websites (e.g. App Store Connect), but the website complains about the username or pw being blank. Every step of the way I have to dismiss the passkey offer and even manually click the submit button instead of pressing Enter, or it will revert to the passkey.

It shouldn’t be insisting on submitting the form with a passkey & leaving the username/pw fields blank if the website requires them to be filled

Show threadRicky MondelloDec 30, 2024
@dale_price Hi Dale! Would you mind filing a bug about this at feedbackassistant.apple.com with a video attached? If you send me the feedback ID, I can make sure the right apple.com people look at this.
Show threadDale Price
@rmondello FB16202128 (thanks!)
Dec 30, 2024 at 11:04pmWeb