I'm trying to understand the differences between using phone sign-in and passkeys with the Microsoft Authenticator app. Both methods leverage the app, but I'm curious if one is more secure than the other, particularly regarding phishing risks.
1 Answer
Passkeys are definitely more secure because they are designed to be phishing-resistant. Unlike phone sign-in, which can still be susceptible if someone tricks you into sharing the login code, passkeys rely on biometrics on your device. This makes it much harder for attackers to gain access.
But isn't there still a risk of getting phished by malicious QR codes that direct to fake sites?
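An added example, not part of any post in this thread: under the WebAuthn specification, a passkey assertion carries the origin the browser actually loaded and a hash of the relying-party ID the credential is scoped to, and the server checks both. The Python below runs those relying-party checks on constructed sample data; the domains `login.example.com` and `login.example-phish.test` and all function names are hypothetical, and signature verification is assumed to happen separately.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_failures(client_data_json, authenticator_data, *, origin, rp_id, challenge):
    """Return the relying-party checks this assertion fails (empty list = bound to us)."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    if client.get("challenge") != b64url(challenge):
        failures.append("challenge")
    # The browser, not the page's script, writes the origin it actually loaded.
    if client.get("origin") != origin:
        failures.append("origin")
    if len(authenticator_data) < 37:  # 32-byte hash + flags + 4-byte counter
        return failures + ["authenticator_data_length"]
    # First 32 bytes: SHA-256 of the RP ID the credential was used for.
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        failures.append("rp_id_hash")
    flags = authenticator_data[32]
    if not flags & 0x01:  # UP: user present
        failures.append("user_present")
    if not flags & 0x04:  # UV: user verified (biometric or PIN)
        failures.append("user_verified")
    return failures

def make_sample(origin, rp_id, challenge, flags=0x05):
    """Constructed data: what a browser and authenticator would emit for this origin."""
    client = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (1).to_bytes(4, "big")
    return client, auth

CHALLENGE = bytes(range(32))  # constructed; a real server issues a fresh random value
EXPECTED = dict(origin="https://login.example.com", rp_id="login.example.com",
                challenge=CHALLENGE)

if __name__ == "__main__":
    genuine = make_sample("https://login.example.com", "login.example.com", CHALLENGE)
    lookalike = make_sample("https://login.example-phish.test",
                            "login.example-phish.test", CHALLENGE)
    print("genuine:  ", binding_failures(*genuine, **EXPECTED))
    print("lookalike:", binding_failures(*lookalike, **EXPECTED))
```

An assertion produced on the lookalike origin fails the origin and RP ID hash checks even when the challenge was relayed correctly, which a typed or approved sign-in code has no equivalent of.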