Lobsters

XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None

A single XSS vulnerability can turn passkeys from a phishing-resistant login mechanism into a persistent account takeover backdoor. If malicious JavaScript can run on your page, it may be able to register an attacker-controlled passkey against the victim’s...

Security

Lobsters

Emaan Rana

I rewrote this like 3 times over the course of 7 days and spent way too long on these diagrams so hopefully this is up to snuff.

More stories

More stories load automatically as you scroll.