CSOonline

PoisonSeed outsmarts FIDO keys without touching them

The novel technique exploits the cross-device sign-in option on FIDO to create an authenticated session controlled by attackers. PoisonSeed, the notorious crypto-hacking attack group known for ...
CSOonline

Microsoft Authenticator passkey support to be native in January

In statements that some labeled vague and confusing, Microsoft further embraced passkeys — and is decidedly not embracing CISOs who don’t want them. Microsoft has positioned itself as a strong convert ...
Seeking Alpha

BIO-key Introduces Passkey:YOU, a Phish-resistant, Phoneless and Tokenless Biometric FIDO Passkey Authentication Solution

HOLMDEL, N.J., June 14, 2024 (GLOBE NEWSWIRE) -- BIO-key® International, Inc. (NASDAQ: BKYI), an innovative provider of workforce and customer Identity and Access Management (IAM) software ...
Dark Reading

'PoisonSeed' FIDO Attack Turns Out to Be a Red Herring

Last week, researchers at Expel detailed a type of phishing attack dubbed "PoisonSeed" that they said could have used cross-device authentication to circumvent a FIDO passkey protected login. But this ...
Hosted on MSN

Hackers can bypass FIDO MFA keys, putting your accounts at risk - here's what we know

A phishing campaign spotted trying to work around FIDO keys The "cross-device sign in" feature triggers a QR code Crooks can relay the QR code to bypass MFA and log in Hackers have found a way to ...
Ars Technica

Phishers have found a way to downgrade—not bypass—FIDO MFA

Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being ...