Web wallets don't exist yet outside of testnet.

They have no downloadable app, don't require social login, and are powered by passkeys.

They are a new thing that will change everything.

One potential concern with passkey-based web wallets is that it trains users to sign transactions on popup windows, exposing the user to scams.

But a passkey is tied to the specific domain where it was created, so only the domain that created the passkey can request its use to sign transactions.

Building dynamic.xyz | @dynamic | Craft magical onchain sign up experiences  - embedded wallets, login, user mgnt, authz and more | Demo: demo.dynamic.xyz

Agree! What are the primary security risks?

The user can't sign a malicious transaction on another domain because the passkey can't be requested by another domain.

The benefits of pop ups for global web wallets far outpace the risks IMO. It creates an isolated environment, it lets the web wallet control dialogs and explanations, and in general created an experience familiar to oauth which people know and trust.