PoisonSeed threat actors are bypassing FIDO2 security keys by exploiting the cross-device sign-in feature in WebAuthn, tricking users into approving login requests from fake portals. This attack does not exploit a flaw in FIDO2 but abuses a legitimate feature, prompting organizations to implement additional security measures such as geographic restrictions and Bluetooth authentication. The attack highlights evolving methods to circumvent phishing-resistant authentication systems.
Bitwarden, a popular password manager, is introducing support for passkeys in its browser extensions. Passkeys offer a more secure and convenient alternative to traditional passwords, utilizing device authentication methods such as face recognition or fingerprint scanning. This feature is being rolled out gradually, following similar support from Apple, Google, and other password managers. Passkeys are generated using WebAuthn technology, with one key stored by the website and a private key stored on the user's device. While passkeys are not yet widely supported, more websites are adopting them as a login option. Bitwarden currently supports passkeys in browser extensions but plans to add support in its mobile app in the future.
Google is prompting users to set up passkey login for their Google accounts, offering a fast, secure, and passwordless approach to logins using pin, face, or fingerprint authentication on devices. While passwords will still be part of the login process, Google aims to make passkeys the new standard. Passkeys can replace traditional passwords by utilizing device authentication methods such as Face ID, fingerprint sensors, or Windows Hello. Passkeys are stored on the device and can be backed up or reauthenticated through phone numbers, email addresses, or hardware security keys. Google has introduced passkey support across its products and many leading websites and apps also support passkeys.
Nintendo has introduced support for passkeys, a passwordless sign-in method that allows users to access their online accounts using their device's authentication methods such as fingerprint or face scan. Passkeys, built on WebAuthn technology, generate two keys - one stored by the website or service and a private key stored on the user's device. Nintendo joins other online services like TikTok, Apple, PayPal, and 1Password in offering passkey support as a more secure alternative to passwords.
Password manager 1Password has announced the general availability of passkey support, a new login technology that replaces passwords with authentication systems built into a user's own device. Users can now create, manage, and sign in to supported websites with passkeys via 1Password's mobile apps and web browser extensions. The update does not yet include the ability to replace the master password with a passkey, but that feature is expected to arrive later this year. Passkeys work by utilizing the device's authentication methods, such as Face ID or fingerprint sensors, and are built on WebAuthn technology. While passkeys are stored on the device, backup options are available in case of loss or damage. Other password managers and platforms have also added passkey support, but 1Password's Universal Sign On is touted as superior due to its cross-platform compatibility and syncing capabilities.
Apple IDs now support passkeys, which can replace traditional passwords with your device's own authentication methods. Passkeys work across multiple devices and are built on WebAuthn tech. Once created, the passkey syncs across all of your Apple devices, letting any of them use the biometric logins set up on that system to sign in with your Apple ID. Passkeys are supported on Apple.com, icloud.com, and anywhere else your Apple account is linked to, but only if you have the first beta for iOS 17, iPadOS 17, or macOS Sonoma.
Password manager 1Password has launched its public beta for passkeys, a new login technology that allows users to replace passwords with authentication systems built into their devices. Passkeys are a new type of passwordless login technology developed by the FIDO Alliance, designed to provide better security and convenience compared to traditional passwords and user verification methods like 2FA or SMS. Passkeys allow users to replace traditional passwords when logging into websites and services with their device’s own authentication methods.
