all InfoSec news
Google Passkeys Weakness
Aug. 27, 2023, 1:01 a.m. | Lauren Weinstein
The RISKS Digest catless.ncl.ac.uk
[...] I'll note here the fundamental issue. In their promotion of passkeys,
Google attempts to gloss over a key weakness (no pun intended) in their
passkey implementation, and in my discussions with them to try "minimize"
the importance of this problem.
Google's current passkey implementation is completely dependent on the
device security on which passkeys have been deployed. Google has not
provided any mechanism for secondary passwords or other authentication
methods to specifically protect passkeys if a device is compromised. …
current device device security discussions google implementation issue key passkey passkeys problem security weakness
More from catless.ncl.ac.uk / The RISKS Digest
EFI IPv6/PXE Security Flaw
3 months, 1 week ago |
catless.ncl.ac.uk
Imaging privacy threats from an ambient light sensor
3 months, 1 week ago |
catless.ncl.ac.uk
Re: CLEAR wants to scan your face at airports. Privacy experts are worried.
3 months, 1 week ago |
catless.ncl.ac.uk
Jobs in InfoSec / Cybersecurity
Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)
@ IREX | Ramallah, West Bank, Palestinian National Authority
Consultant(e) Junior Cybersécurité
@ Sia Partners | Paris, France
Senior Network Security Engineer
@ NielsenIQ | Mexico City, Mexico
Senior Consultant, Payment Intelligence
@ Visa | Washington, DC, United States
Corporate Counsel, Compliance
@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX
Security Operations Engineer
@ Samsara | Remote - US