Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving targets with only authentication choices that force them to give up credentials.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

Adversary-in-the-middle (AitM) attacks can compromise GitHub, Microsoft, and other online accounts by stripping out passkey options from login pages, forcing users to revert to less secure authentication methods. The issue lies in the implementation of passkeys and the necessity for backup authentication options. Attackers can manipulate HTML, CSS, and JavaScript in login pages to hide passkey options, leaving users vulnerable. Security researchers recommend using additional layers of security, such as magic links, and encouraging multiple passkeys to mitigate these attacks.

Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication

GitHub, Microsoft Passkey Implementations Susceptible to Attack

How Enterprises Can Prevent Compromise From Passkey Redaction