Phishers have found a way to downgrade—not bypass—FIDO MFA


Contrary to recent reports, phishing sleight-of-hand doesn’t defeat FIDO.

Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being adopted by thousands of sites and enterprises. For this additional step, the passkey must use a unique cryptographic key embedded into the device to sign a challenge that the site (Okta, in this case) sends to the browser logging in.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.

Or read this on Ars Technica
