
Your passkeys could be vulnerable to attack, and everyone - including you - must act


ZDNET's key takeaways

A researcher developed an exploit that hijacks passkey authentication.

The exploit depends on a non-trivial combination of pre-existing conditions.

Neither the passkeys nor the protocol was proven to be vulnerable.

At this year's DEF CON conference in Las Vegas, white hat security researcher Marek Tóth demonstrated how threat actors could use a clickjack attack to surreptitiously trigger and hijack a passkey-based authentication ceremony.

In the big picture, this is a story about how password managers could be tricked into divulging login information -- either traditional credentials such as user IDs and passwords or credential-like artifacts associated with passkeys -- to threat actors.
