Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
@arianvp I do think they should get moving. But also, a passkey with a broken signature algorithm is still more secure than a password: the attacker needs the public key to fake a signature, and that's only in the website's database. I think it should still be phishing-resistant, too.
View full thread on abyssdomain.expert
2
1
0
Conversation (1)
Showing 0 of 1 cached locally.
Syncing comments from the remote thread. 1 more reply is still loading.
Loading comments...