Ethereum Account Abstraction

The biggest problem I have with passkeys in crypto is that it fails the walkaway test because it’s tied to a domain

Is this solvable?

There are some initiatives to make this more malleable.

See the new related origins request feature on Chrome:

There are some initiatives to make this more malleable.

See the new related origins request feature on Chrome: https://developer.chrome.com/blog/passkeys-updates-chrome-129?hl=en#related-origin-requests

engineering at /privy. building pixelpool.xyz, the first Farcaster video client. nyc. 👨‍💻🍎🏳️‍🌈  nf.td/payton

Yeah, this would be more contradictory to the Passkey ethos I think. Passkeys are ultimately meant to be resistant to phishing, so opening up a Passkey to all domains would remove a lot of the benefits. If you remove the domain constraint, I think you would need to replace it with something else that's consistent across browser security models.

This is a step in the right direction, but one thing that i think could solve the walkaway issue is a ‘universal’ passkey that can be invoked from any website. Not sure if this contradicts passkeys on a philosophical level though because it seems like they believe quite strongly that passkeys shouldn’t be transferable across domains