Ricky Mondello on Nostr: I got a question on Twitter: > Sorry for the off topic; but the other day I logged to ...
I got a question on Twitter:
> Sorry for the off topic; but the other day I logged to Amazon with my passkey and then they asked me for a 2FA code 🙃
It is my **personal opinion** that this is likely a misuse of passkeys by Amazon. I can’t and won’t speak directly to Amazon’s threat modeling and regulatory requirements, but when adopting passkeys, websites and apps using {2,M}FA today should re-think things.
https://twitter.com/zetsubobilly/status/1828142448415285500?s=61&t=DEhf_7G-RJlxl2CqWQS9tw
> Sorry for the off topic; but the other day I logged to Amazon with my passkey and then they asked me for a 2FA code 🙃
It is my **personal opinion** that this is likely a misuse of passkeys by Amazon. I can’t and won’t speak directly to Amazon’s threat modeling and regulatory requirements, but when adopting passkeys, websites and apps using {2,M}FA today should re-think things.
https://twitter.com/zetsubobilly/status/1828142448415285500?s=61&t=DEhf_7G-RJlxl2CqWQS9tw