
A Company’s Incorrect Passkey Process Can Lead to Phishing Attacks
As I wrote in Part 1 of this series, unlike passwords, passkeys are resistant to phishing attacks. The check of the domain of the website you are logging into is built into the passkey’s cryptographic protocol. You cannot be phished with passkeys. Unfortunately, I am already seeing an example of a company implementing passkeys in a way that was not intended. The outcome of such a negligent passkey implementation is that it is no longer phishing resistant.

Incorrect implementation
First, let’s see an example of how, in my estimation, a company implements its passkey incorrectly and puts
Become a premium member today to gain access to comments like this one and 2 others:
What happened was that Carnival 'outsourced' the passkey implementation to OwnID. Steve Gibson from Gibson Research Corporation said it nicely: Another way to say this is that rather than doing ...
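
The domain check that the article describes as built into the passkey protocol is visible in what a relying party verifies on each WebAuthn login. The Python sketch below is an added example, not code from the article or from any company it mentions; the origin, RP ID and sample assertions are assumed, constructed values, and verification of the signature over these fields is left out.

```python
import base64, hashlib, hmac, json

# Assumed relying-party values for this sketch (not from the article).
EXPECTED_ORIGIN = "https://login.example.com"
RP_ID = "example.com"

def b64url(data):
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_domain_binding(client_data_json, authenticator_data, challenge,
                         expected_type="webauthn.get"):
    """Return a list of failed checks; an empty list means all passed."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(client, dict):
        return ["clientDataJSON is not a JSON object"]
    errors = []
    if client.get("type") != expected_type:
        errors.append("unexpected ceremony type")
    if client.get("challenge") != b64url(challenge):
        errors.append("challenge mismatch")
    # The browser, not the page, fills in the origin it actually loaded.
    if client.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin mismatch")
    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4) | ...
    if len(authenticator_data) < 37:
        return errors + ["authenticatorData too short"]
    rp_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], rp_hash):
        errors.append("rpIdHash mismatch")
    if not authenticator_data[32] & 0x01:
        errors.append("user presence flag not set")
    return errors

def constructed_assertion(origin, rp_id, challenge):
    """Build sample (constructed) clientDataJSON and authenticatorData."""
    cdj = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                      "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + (1).to_bytes(4, "big")
    return cdj, auth

if __name__ == "__main__":
    ch = b"\x01" * 32  # constructed challenge; a real server uses random bytes
    ok = constructed_assertion(EXPECTED_ORIGIN, RP_ID, ch)
    bad = constructed_assertion("https://login.examp1e.com", "examp1e.com", ch)
    print(check_domain_binding(*ok, ch))   # genuine site
    print(check_domain_binding(*bad, ch))  # look-alike domain is rejected
```

A server that accepts the login through any path that skips these comparisons loses the phishing resistance, because the binding to the domain is what stops an assertion made on a look-alike site from being accepted.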