39
Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication
(www.darkreading.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 02 Jul 2024
39 points (97.6% liked)
Cybersecurity
5728 readers
134 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 1 year ago
MODERATORS
Arguably, it’s more like someone is able to hide the door altogether and force you to climb through the less-well-secured window. The fact that they can hide the door at all makes its locks meaningless.
I get that this is an inherent problem of security mechanisms in general and not of passkeys in particular. But it still reduces passkeys to just fancy passwords. They’re obviously not any more reliable in practice.