It will depend on the authentication strategy. For WebAuthn it isn't a problem, short of sending you their physical authenticator (e.g. their Yubikey, or their iPhone) they can't help you sign in as them even if they wanted to, so this makes it very hard to fool ordinary users into helping crooks.