The War on Passwords Is One Step Closer to Being Over
“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Sophisticated attack breaks security assurances of the most popular FIDO key. The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides in a small microcontroller used in a large number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, such as the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.
Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins
Faster, easier and more secure sign-ins will be available to consumers across leading devices and platforms Mountain View, California, MAY 5, 2022 – In a joint effort to make the web […]
Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins
Faster, easier and more secure sign-ins will be available to consumers across leading devices and platforms Mountain View, California, MAY 5, 2022 – In a joint effort to make the web […]
Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins
Faster, easier and more secure sign-ins will be available to consumers across leading devices and platforms Mountain View, California, MAY 5, 2022 – In a joint effort to make the web […]
