FIDO Alliance publishes new spec to let users move...

[sitharus]

Phishing relies on visual confusion to get people to enter their passwords on a site that isn't the one they think it is.

WebAuthn credentials are bound to the issuing domain, so the user agent will not supply a passkey to a domain other than the one it should go to.