#webauthn

from The Hacker News
13 hours ago

How Attackers Bypass Synced Passkeys

Passkeys are credentials stored in an authenticator. Some are device-bound, others are synced across devices through consumer cloud services like iCloud and Google Cloud. Sync improves usability and recovery in low-security, consumer-facing scenarios, but shifts the trust boundary to cloud accounts and recovery workflows. The FIDO Alliance and Yubico have both issued important advisories for enterprises to evaluate this split and to prefer device-bound options for higher assurance.
Information security
Privacy technologies
from Ars Technica
5 months ago

Phishing attacks that defeat MFA are easier than ever. So what are we to do?

WebAuthn authentication significantly enhances security against adversary-in-the-middle attacks by binding credentials to specific URLs and devices.