Unpacking Passkeys Pwned: Possibly the most specious research in decades
Don’t believe everything you read—especially when it’s part of a marketing pitch designed to sell security services. The latest example of the runaway hype that can come from such pitches is research published today by SquareX, a startup selling services for securing browsers and other client-side applications. It claims, without basis, to have found a “major passkey vulnerability” that undermines the lofty security promises made by Apple, Google, Microsoft, and thousands of other companies that have enthusiastically embraced passkeys. Ahoy, face-palm ahead “Passkeys Pwned,” the attack described in the research, was demonstrated earlier this month in a Defcon presentation. It [...]