Passkeys aren’t attack-proof, not until properly implemented | allinfosecnews.com

July 3, 2024, 11:39 a.m. |

CSO Online www.csoonline.com

Passkey, a password-less technology for authenticating user access to cloud-hosted applications, may still be vulnerable to adversary-in-the-middle (AitM) attacks despite its massive popularity, according to an eSentire study.

Poor implementation of passkeys, like offering less secure backup authentication methods, can lead to an AitM bypassing the authentication flow by modifying prompts shown to users.

“In the case where passkeys are used as a first-factor authentication method only, the downgraded authentication flow is now vulnerable to AitM,” Joe …

access adversary adversary-in-the-middle aitm applications attack attacks authentication authentication methods backup bypassing can cloud esentire flow implementation may multi-factor authentication passkey passkeys password poor prompts proof study technology vulnerable

More from www.csoonline.com / CSO Online

New Intel CPU side-channel attack Indirector can leak sensitive data 3 hours ago | www.csoonline.com

advanced persistent threats attack attacks boundaries +30

Over 35,000 Ether subscribers targeted in a campaign from crypto draining 9 hours ago | www.csoonline.com

actor address blog blog post +18

Logic bombs explained: Definition, examples, prevention 16 hours ago | www.csoonline.com

actions application bomb bombs +21

Europol disrupts about 600 abusive Cobalt Strike servers 1 day, 11 hours ago | www.csoonline.com

abuse addresses cobalt cobalt strike +19

Tabletop exercise scenarios: 10 tips, 6 examples 1 day, 12 hours ago | www.csoonline.com

business business continuity business operations continuity +24

Kaspersky software ban: CISOs must move quickly, experts say 1 day, 16 hours ago | www.csoonline.com

anti-malware ban bans cisos +17

Download the UEM vendor comparison chart, 2024 edition 2 days, 7 hours ago | www.csoonline.com

can chart download endpoint +15

Passkeys aren’t attack-proof, not until properly implemented 2 days, 10 hours ago | www.csoonline.com

access adversary adversary-in-the-middle aitm +23

How CISOs can protect their personal liability 2 days, 16 hours ago | www.csoonline.com

can cases ciso cisos +23

System Administrator, Senior

@ Booz Allen Hamilton | USA, NV, Nellis AFB (4370 Washington Blvd)

View on infosec-jobs.com

Staff Systems Engineer

@ Commonwealth Bank | Bengaluru - Manyata Tech Park Road

View on infosec-jobs.com

(IND) Software Engineer III

@ Walmart | IN KA BANGALORE Home Office Building 10

View on infosec-jobs.com

Software Engineer III

@ Walmart | IN KA BANGALORE Home Office Building 11

View on infosec-jobs.com

Systems Engineer - Global Accounts

@ Palo Alto Networks | London, United Kingdom

View on infosec-jobs.com

Principal Support Engineering Specialist - SASE

@ Palo Alto Networks | Bengaluru, India

View on infosec-jobs.com