Ricky MondelloDec 30, 2024
I vibe with this. Does anyone have any examples of where and how any vendor’s dialogs around passkeys might lead people astray? The more feedback, the better.
https://infosec.exchange/@adamshostack/113743707996398149
Adam Shostack :donor: :rebelverified: (@[email protected])

@[email protected] I think the biggest thing is to (a) ensure dialogs are clear about what software is presenting them (b) where it plans to store the key and (c) letting people configure what their preference is for passkey management. Err, “things are”

Infosec Exchange
Show threadsbi
@rmondello That's not just a passkey problem. Every time my mother calls me to ask about "that strange question" which just popped up on her phone or computer, I first ask which app is showing this. Generally, she has no idea about this, though. And that is true even for dialogs where it's obvious to me, but there are some where even I am stumped.
I think every OS needs a generic solution that makes it absolutely obvious what app promoted a specific question/decision to the user.
Dec 31, 2024 at 8:09amWeb