Search Results: FIDO2

As threat actors increasingly target developers' SSH keys for infrastructure attacks, touch-verified authentication has evolved from theoretical protection to operational necessity. This deep dive explores how hardware-backed solutions like FIDO2 keys and Apple's Secure Enclave create an immutable security layer against credential theft.

A newly revealed exploit demonstrates how threat actors can hijack passkey authentication ceremonies via clickjacking attacks, intercepting critical credentials. While passkeys themselves remain secure, the vulnerability exposes risks in password manager behavior, website implementation flaws, and user configuration choices demanding urgent action from all parties.

A sophisticated phishing campaign dubbed PoisonSeed is circumventing FIDO2 multi-factor authentication by abusing WebAuthn's cross-device sign-in feature, tricking users into approving malicious logins via QR codes. Security firm Expel reveals this downgrade attack doesn't exploit FIDO2 flaws but manipulates legitimate functionality, highlighting evolving threats to phishing-resistant MFA. Organizations must reassess defenses as attackers innovate around hardware security keys.