Tag
Troy Hunt's weekly podcast episode with Scott Helme, where they launch 'Why no Passkeys?', a successor to 'Why no HTTPS?' that encourages organizations to adopt passkeys for authentication.
The article explains how a single XSS vulnerability can defeat the phishing resistance of passkeys when attestation is set to 'none', allowing attackers to register their own passkeys and achieve persistent account takeover. It calls for attention to this overlooked threat and suggests defenses.
Discusses the potential of passkeys to replace passwords as a more secure authentication method.
The article introduces Revaulter v2, a tool that enables unlocking encrypted ZFS volumes at boot using passkeys (WebAuthn), allowing remote approval via a mobile web interface without storing keys in plaintext.