The Golden Ticket Heist: Intercepting Passkey Authentication

Security researcher Marek Tóth unveiled a sophisticated attack at DEF CON 2025, demonstrating how malicious actors can hijack the process of logging in with a passkey. Dubbed a "passkey hijack," the exploit doesn't steal the passkey itself (the private key is never exposed to the page, so a core security tenet remains intact) but intercepts the payload generated during the authentication ceremony. This payload, the PublicKeyCredential that navigator.credentials.get() hands back to the page (essentially a one-time "golden ticket"), is snatched before it reaches the legitimate website's server and sent to an attacker-controlled server instead. The attacker then submits this intercepted ticket to gain unauthorized access to the victim's account.

Article illustration 1

Caption: Vertigo3d/iStock/Getty Images Plus via Getty Images

The Mechanics: Clickjacking, Malicious Scripts, and Missing Safeguards

Tóth's exploit relies on a precarious combination of factors:

  1. Malicious Script Injection: A cross-site scripting (XSS) vulnerability must give the attacker script execution on the targeted site itself, potentially via compromised user-generated content or an ad network the site embeds. Script running on an unrelated site is not enough: WebAuthn only lets a page request credentials whose RP ID matches its own origin, so the passkey is scoped to the site under attack.
  2. Clickjacking the Ceremony: The malicious script starts a passkey login on a hidden login form and conceals the password manager's passkey prompt (for example with zero opacity) beneath an innocent-looking element such as a cookie consent banner. When the user clicks to dismiss the banner, the click lands on the hidden prompt and approves the login.
  3. Golden Ticket Interception: The password manager returns the PublicKeyCredential (golden ticket) to the page's JavaScript, which the attacker controls, so the script reads it and exfiltrates it to the attacker's server instead of posting it to the legitimate login endpoint.
  4. Exploiting Weak Session Binding: Crucially, the attack succeeds only if the targeted website fails to implement session binding. With this best practice the server records each challenge it issues against the browser session identified by an HttpOnly session cookie, and accepts the signed response only from that same session. The cookie is invisible to page script, so it cannot be exfiltrated along with the ticket. Without the binding, any client that presents a valid, unused response is logged in, including the attacker's machine.

"The protocol itself is probably secure. I haven't tested it extensively, as it wasn't the focus of my research," Tóth stated to ZDNET, emphasizing that the flaw isn't in the FIDO2 passkey standard itself.

Shared Blame: Password Managers, Websites, and Users

Tóth primarily points the finger at password managers, arguing they could do more to detect and prevent the attack:

  • Password Manager Behavior: Tóth identified vulnerabilities in 12 popular password managers (including major vendors), noting they could better detect hidden forms and overlays characteristic of clickjacking. Many have since released updates:
    • Bitwarden: "Implemented mitigations... disabling inline autofill when site styling suggests potential manipulation." (Mike Stolyar, Director of Communications)
    • 1Password: Added user confirmation prompts before autofill (v8.11.7). (Jacob DePriest, CISO)
    • NordPass: Rendered UI elements to prevent overlays and locked dialog styles. (Karolis Arbaciauskas, Head of Business Product)
    • LastPass: Detects zero-opacity elements and may add trust prompts. (Greg Armanini, Director of Product Management)
  • Website Operator Negligence: The fundamental failure enabling the attack is often the lack of session binding via HttpOnly cookies. Tóth found 4 out of 7 tested passkey integration plugins (Hanko, SK Telecom, NokNok, Authsignal) didn't implement it by default on their demo sites, though these are not necessarily production configurations.
    • Hanko CEO Felix Magedanz acknowledged the gap: "We're aware of the issue and our team is actively working on a fix... We're treating this with the highest priority."
    • The FIDO Alliance defended its certification process, with CTO Nishant Kaushik telling ZDNET: "Demo sites would not typically be hardened in the same manner as an actual implementation," while reiterating session binding's importance.
  • User Configuration Choices: Users who disable frequent re-authentication prompts (biometric/PIN) for their password manager remove a critical warning layer. A verification prompt that appears unexpectedly during a routine action (like dismissing a banner) should be treated as a major red flag.

Hardening Defenses: The Nuclear Option and Vigilance

Beyond session binding, websites possess a second control: the userVerification parameter of the authentication request. Setting it to "required" asks the password manager to verify the user with a biometric or PIN before signing, regardless of the user's own re-prompt settings, which turns an unexpected prompt into a visible checkpoint against inadvertent authentication. The server has to enforce it as well, by rejecting any assertion whose authenticator data lacks the UV flag; otherwise "required" is only a request.

All password managers queried (1Password, Bitwarden, LastPass, NordPass) confirmed they honor the userVerification: "required" flag.

For users:

  1. Update Password Managers: Ensure your password manager is updated to the latest version incorporating clickjacking defenses.
  2. Enable Strict Verification: Configure your password manager to require biometric/PIN verification frequently, ideally for every login. This creates friction that can expose malicious attempts.
  3. Stay Vigilant: Be wary of unexpected verification prompts triggered by seemingly innocuous actions like clicking a "close" button.

Passkeys Remain Superior, But Layers Matter

Despite this exploit, passkeys are fundamentally more secure than passwords: they resist phishing, aren't guessable, and aren't reused. Tóth's research underscores this: the same clickjacking technique is far more devastating against traditional username/password logins, where the stolen credentials are reusable. The passkey hijack requires highly specific, non-trivial conditions to succeed and crucially depends on failures elsewhere in the security chain.

The incident underscores a universal truth in cybersecurity: robust protection requires diligence at every layer. Website operators must implement session binding. Password managers must aggressively detect and mitigate UI manipulation. Users must configure their tools securely and stay alert. Only when all parties fulfill their responsibilities can the full security potential of passkeys be realized. The responsibility isn't singular; it's collective.

Source: Investigation and reporting by David Berlind, Senior Contributing Editor, ZDNET, based on research by Marek Tóth and interviews with FIDO Alliance, Hanko, Bitwarden, 1Password, NordPass, and LastPass.