Resilient Life
Build resilience by taking action in your personal life!

A Company’s Incorrect Passkey Process Can Lead to Phishing Attacks

Peak Insiders
3
By iSecurityGuru
December 28, 2022

A Company’s Incorrect Passkey Process Can Lead to Phishing Attacks

Peak Insiders
By iSecurityGuru on
December 28, 2022
3

As I wrote in Part 1 of this series, Unlike passwords, passkeys are resistant to phishing attacks. Built into the passkey’s cryptographic protocol, the domain of the website you are logging into will be checked. You cannot be phished with passkeys. But unfortunately, I am already seeing an example of a companies implementing passkeys in a way that is not intended to be. The outcome of such negligent implementation of passkey is that it will no longer be phishing resistant. Incorrect implementation First, let’s see an example of how, in my estimation, a company implements its passkey incorrectly and puts

Login or Enroll

This content requires a paid subscription to Peak Prosperity.

From

$10 / month

Comments

Only our paying members have access to premium discussions at Peak Prosperity.

Become a premium member today to gain access to comments like this one and 2 others:

What happened was that Carnival 'outsource' the passkey implementation to OwnID. Steve Gibson from Gibson Research Corporation said it nicely, Another way to say this is that rather than doing ...
Select your currency
Credit card and crypto payment options available at checkout.

Crash Course 2.0!

Information you can't afford to live without! Order Today!

 

Pre-Order Now!
Shopping Cart
3
0
Would love your thoughts, please comment.x
()
x
Scroll to Top