Passkey implementations by Google, Amazon, Microsoft vulnerable to AitM attacks, research

Attackers can proxy login pages removing mention of passkeys and prompting users to resort to passwords, finds eSentire

John Leonard
clock • 4 min read
Passkey implementations by Google, Amazon and Microsoft vulnerable to AitM attacks, research
Image:

Passkey implementations by Google, Amazon and Microsoft vulnerable to AitM attacks, research

Passkeys have surged in popularity in recent months as organisations recognise them as an effective way to combat phishing attacks, and with major tech companies such as Apple, Microsoft and Google promoting their adoption.

Based on FIDO [Fast Identity Online] standards, passkeys are designed as a replacement for passwords. They are the equivalent of hardware keys, the best known being the Yubikey, but are present on ...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
Google strengthens Advanced Protection Program with passkey integration

Security Technology

To enroll in APP with a passkey, users need a compatible device and browser

clock 12 July 2024 • 3 min read
WhatsApp adds passkeys on Android

Security

Another app dropping passwords

clock 18 October 2023 • 1 min read
GitHub announces passwordless authentication trial

Security Technology

The trial can be considered a milestone in the long demise of passwords

clock 13 July 2023 • 2 min read

More on Threats and Risks

Cisco patches critical flaw in Secure Email Gateway appliances

Cisco patches critical flaw in Secure Email Gateway appliances

Patch devices immediately

clock 19 July 2024 • 3 min read
Nearly 7% of all internet traffic is malicious, says Cloudflare

Nearly 7% of all internet traffic is malicious, says Cloudflare

Volume and scale of DDoS attacks ‘vast’

Penny Horwood
clock 17 July 2024 • 2 min read
Malicious Python packages found exfiltrating user data to Telegram bot

Malicious Python packages found exfiltrating user data to Telegram bot

Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers

John Leonard
clock 15 July 2024 • 2 min read