102 matches found
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even...
Google Adds Passkeys to Advanced Protection Program for High-Risk Users
Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program APP. "Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said...
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta is warning that a cross-origin authentication feature in Customer Identity Cloud CIC is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for...
Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it
More and more websites and services are making multi-factor-authentication MFA mandatory, which makes it much harder for cybercriminals to access your accounts. Thats a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing we...
Google Announces Passkeys Adopted by Over 400 Million Accounts
Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years. "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than...
Microsoft introduces passkeys for consumer accounts
Ten years ago, Microsoft envisioned a bold future: a world free of passwords. Every year, we celebrate World Password Day by updating you on our progress toward eliminating passwords for good. Today, we’re announcing passkey support for Microsoft consumer accounts, the next step toward our vision...
A Bootiful Podcast: Daniel Garnier-Moiroux on Passkeys and Spring Security
Hi, Spring fans! In this installment, I talk to my friend and colleague Daniel Garnier-Moiroux about the amazing awesome implications of passkeys in a Spring Security application...
On Passkey Usability
Matt Burgess tries to only use passkeys. The results are mixed...
I Stopped Using Passwords. It's Great—and a Total Mess
Passkeys are here to replace passwords. When they work, it’s a seamless vision of the future. But don’t ditch your old logins just yet...
The sound of you typing on your keyboard could reveal your password
As if password authentications coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate...
The sound of you typing on your keyboard could reveal your password
As if password authentications coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate...
Many major websites allow users to have weak passwords
A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study, the researchers designed an algorithm that automatically determined a website’s password policy. With...
Google’s New Titan Security Key Adds Another Piece to the Password-Killing Puzzle
The new generation of hardware authentication key includes support for cryptographic passkeys as Google pushes adoption of the more secure login alternative...
Update now! Apple patches a raft of vulnerabilities
Apple has released security updates for its phones, iPads, Macs, watches and TVs. Updates are available for these products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th...
CVE-2023-42847
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication...
CVE-2023-40401
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication...
Authentication flaw
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication...
Authentication flaw
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication...
CVE-2023-40401
CVE-2023-40401 affects macOS Ventura prior to the 13.6.1 security update. The issue, tracked under Passkeys, could allow an attacker to access passkeys without authentication. Apple fixed this in macOS Ventura 13.6.1 by adding permissions checks. The NVD assigns a CVSS v3.1 base score of 7.5 (Hig...
CVE-2023-40401
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication...