Information security
fromThe Hacker News
2 months agoHow Attackers Bypass Synced Passkeys
Synced passkeys are insecure for enterprises because they inherit cloud-account and recovery risks, enable downgrade and extension attacks, and expand the attack surface.