
I’m a security engineer, I’m pretty fluent on the topic. And phishing comes in beyond the methods you describe -> malicious attachments downloaded, etc etc.



I do agree but in this discussion we're talking about the general problem of logging in to a website. That's the case where phishing is the most devastating. Solving that problem is a huge step in making people's online lives more secure. Just because we didn't solve all problems, doesn't mean we shouldn't solve what we can solve. If you're a security engineer, it's your job to promote ways for people to be more secure online. And this is what I am trying to do myself.


The discussion you brought up is, which I object to:

> Finally, a lot of people in this thread are missing that passkeys prevent phishing, and are basically the only way we know to prevent phishing. And phishing is extremely high in the ranking of security issues we currently have to try to solve.

And I can point out several ways phishing is currently prevented without passkeys. And several ways it occurs without logins, such that it’ll still be around after passkeys. And phishing is difficult, but per defense in depth concepts, it is not the mission critical focus you label it as.

So to turn it back around, I don’t think you understand phishing threat vectors well haha.



