Unpacking Passkeys Pwned: Possibly the most specious research in decades
Researchers take note: When the endpoint is compromised, all bets are off.
It relies on a malicious browser extension, installed in an earlier social engineering attack, that hijacks the process for creating a passkey for use on Gmail, Microsoft 365, or any of the other thousands of sites that now use the alternative form of authentication.

“In my personal view, this seems like a dubious sales pitch for a commercial product,” Kenn White, a security engineer who works for banking, health care, and defense organizations, wrote in an interview.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.
Or read this on ArsTechnica