Passkeys aren’t attack-proof, not until properly implemented
CSO Online www.csoonline.com
Passkeys, a passwordless technology for authenticating user access to cloud-hosted applications, may still be vulnerable to adversary-in-the-middle (AitM) attacks despite their massive popularity, according to an eSentire study.
Poor passkey implementations, such as those offering less secure backup authentication methods, can let an AitM bypass the authentication flow by modifying the prompts shown to users.
“In the case where passkeys are used as a first-factor authentication method only, the downgraded authentication flow is now vulnerable to AitM,” Joe …