Bleeping Computer

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and ...
Hosted on MSN

Hackers can bypass FIDO MFA keys, putting your accounts at risk - here's what we know

A phishing campaign spotted trying to work around FIDO keys The "cross-device sign in" feature triggers a QR code Crooks can relay the QR code to bypass MFA and log in Hackers have found a way to ...
Hosted on MSN

What is a passkey authenticator? Only the key to our passwordless tomorrow

Passkeys are on a course to replace most passwords. Using passkeys involves a delicate balance of multiple technologies. The "authenticator" is one of those, and it comes in multiple types. In ZDNET's ...
Dark Reading

'PoisonSeed' FIDO Attack Turns Out to Be a Red Herring

Last week, researchers at Expel detailed a type of phishing attack dubbed "PoisonSeed" that they said could have used cross-device authentication to circumvent a FIDO passkey protected login. But this ...
Ars Technica

Phishers have found a way to downgrade—not bypass—FIDO MFA

Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being ...
CSOonline

Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out

With use of multi-factor authentication rising, end-users can find themselves fiddling with codes and authentication apps frequently throughout their days. For those who rely on Microsoft ...
Redmond Magazine

Microsoft Highlights Certificate-Based Authentication and FIDO2 Security Advances

Microsoft cited progress on enabling phishing-resistant authentications for organizations, in a Friday announcement. The announcement highlighted FIDO2 preview support for iOS and MacOS apps, ...