But what are Passkeys good for in crypto? You canāt see the payload of what the app is proposing to sign. Iām not trusting websites, Iāve been trusting wallets. Is this flipped now?
Theoretically the website can show you the payload before you sign no?
Itās a good point, all signature requests show āsign into dapp with passkeyā with current webauthn capabilities. The messaging would need to improve. We need to give users confidence their intent is being fulfilled.
I see this argument pop up a bunch. I don't think it really makes sense. Most wallets rn will ask you to FaceID before signing, this is like saying the FaceID UI doesn't show you any payload. It is the wallets responsibility to show the users the payload before the passkey.