39
Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication
(www.darkreading.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 02 Jul 2024
39 points (97.6% liked)
Cybersecurity
5728 readers
134 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 1 year ago
MODERATORS
I haven’t either because I don’t see the advantage. Cases like this show that there may not be any.
Cases like this only prove that a better lock doesn't improve security when the old lock still lets you in.
The takeaway here isn't "passkeys are bad", it's "keeping less secure methods of authentication as a fallback is bad"
It's like saying all 2FA is bad because SMS 2FA is dogshit.
This is the real takeaway, if you have a forgot password button that bypasses everything then none of it is anything more than a login accelerator.