Do you manually check every site's SSL certificate before connecting? If not, how can you be sure there's not a MITM/Replay attack ongoing right now?
Very commonly user databases are the ones being accessed for some reason, resulting in user data + salted passwords being released.
How so? I can social engineer an employee to give me the password for a site they have in the password manager. I can't make them give me the passkey because they can't do that. It's not something you can paste in a chat.
From a security perspective, not being able to “paste into chat” is a fundamental feature of passkeys. The whole point is to prevent a static secret which can easily be copied by an attacker, memorized, phished, or re-used across sites.
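The property described in the comment above, sketched as an added example (not code from anyone in this thread): the device signs a fresh server challenge together with the origin the browser reports, so a captured response cannot be replayed and a response produced for a look-alike origin is refused. This is a simplified model, not the real WebAuthn message format; `createAuthenticator`, `createServer` and both origins are assumed names.

```javascript
const crypto = require('node:crypto');

// Authenticator: the private key stays on the device; only signatures leave it.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKey, // handed to the site once, at enrollment
    // The browser, not the user, supplies the origin that gets signed.
    sign: (challenge, origin) => ({
      challenge,
      origin,
      signature: crypto.sign(null, Buffer.from(`${origin}|${challenge}`), privateKey),
    }),
  };
}

// Relying party: issues single-use challenges, then checks origin and signature.
function createServer(expectedOrigin, publicKey) {
  const pending = new Set();
  return {
    newChallenge() {
      const c = crypto.randomBytes(32).toString('hex');
      pending.add(c);
      return c;
    },
    verify({ challenge, origin, signature }) {
      // delete() returns false if the challenge was never issued or already used
      if (!pending.delete(challenge)) return 'rejected: unknown or reused challenge';
      if (origin !== expectedOrigin) return 'rejected: wrong origin';
      const msg = Buffer.from(`${origin}|${challenge}`);
      return crypto.verify(null, msg, publicKey, signature) ? 'accepted' : 'rejected: bad signature';
    },
  };
}

function demo() {
  const device = createAuthenticator();
  const server = createServer('https://example.com', device.publicKey); // constructed origin
  const login = device.sign(server.newChallenge(), 'https://example.com');
  const first = server.verify(login);
  const replay = server.verify(login); // same captured response sent again
  // A look-alike page relays a fresh challenge; the browser signs the look-alike's origin.
  const relayed = server.verify(device.sign(server.newChallenge(), 'https://examp1e.test'));
  return { first, replay, relayed };
}
```

Nothing the server stores (the public key) and nothing the user could read out or paste lets another party produce a valid response.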