
Microsoft Entra ID FIDO logins can be bypassed worryingly easily - here's what we know


Researchers find a way to work around FIDO-based authentication to harvest login credentials and session cookies.

FIDO-based authenticators are considered one of the strongest practical defenses against phishing and credential theft, but Proofpoint's latest research shows that the way they are deployed is not without weak points. Microsoft Entra ID does not support FIDO-based authentication in every browser; Safari on Windows, for example, is not supported, and a login attempt that presents that browser is steered to an alternative method rather than being refused: an SMS-delivered one-time password, email, or an OAuth consent prompt. The security-relevant point is that the downgrade is decided from the browser Entra ID sees, not from anything the user chose, and the fallback methods do not have the origin binding that makes a FIDO credential unphishable, so a relayed login can harvest the credentials and the resulting session cookies. The practical check for defenders is therefore which fallback methods remain enabled for users who have registered a FIDO credential. So far, Proofpoint says there is no evidence that this method is being abused in the wild, and speculates that threat actors still prefer to target accounts without multi-factor authentication (MFA) in the first place.
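The downgrade described above leaves a recognisable trace in sign-in telemetry: a user who has a FIDO credential registered completes a sign-in with a weaker method, and in the worst case does so from a browser Entra ID treats as FIDO-incapable. The following is an added example (not code from the article or from Proofpoint) of a detector for that pattern. It assumes the field layout of the Microsoft Graph `signIn` resource (`userPrincipalName`, `status.errorCode`, `deviceDetail`, `userAgent`, `authenticationDetails`); the sample records and the set of FIDO-registered users are constructed for illustration.

```python
"""Flag FIDO-downgrade sign-ins in Microsoft Entra ID sign-in records.

Added example; not from the article or from Proofpoint. The record shape
follows the Microsoft Graph `signIn` resource (an assumption), and every
record below is constructed, not real telemetry.
"""
import json
import re

# Constructed: users known to have a FIDO credential registered. In practice
# this would come from the tenant's authentication-method registration data.
FIDO_USERS = {"alice@example.com", "bob@example.com", "carol@example.com"}

# Constructed sample sign-in records (illustrative values only).
SAMPLE_SIGNINS = json.loads("""
[
  {"id": "s1", "userPrincipalName": "alice@example.com",
   "status": {"errorCode": 0},
   "deviceDetail": {"browser": "Chrome 126.0.0", "operatingSystem": "Windows 10"},
   "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
   "authenticationDetails": [{"authenticationMethod": "FIDO2 security key", "succeeded": true}]},
  {"id": "s2", "userPrincipalName": "bob@example.com",
   "status": {"errorCode": 0},
   "deviceDetail": {"browser": "Safari 17.4", "operatingSystem": "Windows 10"},
   "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15",
   "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": true},
                             {"authenticationMethod": "Text message", "succeeded": true}]},
  {"id": "s3", "userPrincipalName": "carol@example.com",
   "status": {"errorCode": 0},
   "deviceDetail": {"browser": "Safari 17.4", "operatingSystem": "MacOs"},
   "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15",
   "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": true},
                             {"authenticationMethod": "Mobile app notification", "succeeded": true}]},
  {"id": "s4", "userPrincipalName": "dave@example.com",
   "status": {"errorCode": 0},
   "deviceDetail": {"browser": "Safari 17.4", "operatingSystem": "Windows 10"},
   "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15",
   "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": true},
                             {"authenticationMethod": "Text message", "succeeded": true}]},
  {"id": "s5", "userPrincipalName": "bob@example.com",
   "status": {"errorCode": 50126},
   "deviceDetail": {"browser": "Safari 17.4", "operatingSystem": "Windows 10"},
   "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15",
   "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": false}]}
]
""")

# Browser engines whose user agents also contain the token "Safari/".
_NON_SAFARI_MARKERS = re.compile(r"Chrome/|Chromium/|Edg/|Firefox/|OPR/")


def is_safari_on_windows(record):
    """True when the sign-in presented Safari on Windows, the browser/OS pair
    the article names as unsupported for FIDO in Entra ID.

    Prefers the parsed deviceDetail fields; falls back to the raw user agent,
    where "Safari/" alone is not enough because Chromium-based browsers carry
    it too.
    """
    detail = record.get("deviceDetail") or {}
    browser = (detail.get("browser") or "").lower()
    os_name = (detail.get("operatingSystem") or "").lower()
    if browser and os_name:
        return browser.startswith("safari") and os_name.startswith("windows")
    ua = record.get("userAgent") or ""
    return ("Windows NT" in ua and "Safari/" in ua
            and not _NON_SAFARI_MARKERS.search(ua))


def is_fido_method(method_name):
    """Match the FIDO2/passkey method names as reported in sign-in records."""
    name = method_name.lower()
    return "fido" in name or "passkey" in name


def classify(record, fido_users):
    """Return a finding dict for a downgraded sign-in, or None.

    A downgrade is a *successful* sign-in by a FIDO-registered user in which
    no FIDO step was used. Severity is "high" when the browser is the
    unsupported Safari-on-Windows combination, otherwise "medium".
    """
    upn = record.get("userPrincipalName", "").lower()
    if upn not in fido_users:
        return None
    if (record.get("status") or {}).get("errorCode", 1) != 0:
        return None  # failed sign-ins never issued a session
    methods = [s.get("authenticationMethod", "")
               for s in record.get("authenticationDetails", []) if s.get("succeeded")]
    if any(is_fido_method(m) for m in methods):
        return None
    severity = "high" if is_safari_on_windows(record) else "medium"
    return {"id": record.get("id"), "user": upn, "severity": severity, "methods": methods}


def find_downgrades(records, fido_users):
    """Run classify() over a batch of records and keep the findings, in order."""
    return [f for f in (classify(r, fido_users) for r in records) if f]


if __name__ == "__main__":
    for finding in find_downgrades(SAMPLE_SIGNINS, FIDO_USERS):
        print(finding)
```

In the constructed data, `s2` is the article's scenario (FIDO user, Safari on Windows, SMS code) and is rated high; `s3` is a FIDO user who fell back to a push notification from a supported browser and is rated medium; `s4` is not flagged because that user never had a FIDO credential to downgrade from, and `s5` is not flagged because the sign-in failed. A tenant-wide version would feed the same logic from the sign-in log export rather than the inline sample.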
