xss

The article explains how a single XSS vulnerability can defeat the phishing-resistance of passkeys when attestation is set to 'none', allowing attackers to register their own passkeys and achieve persistent account takeover. It calls for attention to this overlooked threat and suggests defenses.