Standard MFA (time based codes) is not phishing resistant. Users can be social engineered into giving up a password and MFA token.
So basically this is just idiot-proofing the system. If you aren’t the type of person to give your password or MFA token to another person, then passkeys don’t really make better security.
It also allows you to login without someone visually observing your password while typing it on a keyboard or on an untrusted device that could have a keylogger.
So basically this is just idiot-proofing the system. If you aren’t the type of person to give your password or MFA token to another person, then passkeys don’t really make better security.
It also allows you to login without someone visually observing your password while typing it on a keyboard or on an untrusted device that could have a keylogger.