Researchers at enterprise browser security firm SquareX have demonstrated an attack method that can be used to gain access to an account protected by passkeys.
Passkeys are designed to provide a more secure alternative to passwords, enabling users to log into their account based on a private key stored on the device. Users can sign in using various authentication methods, including PIN, facial recognition, or fingerprint scan.
Passkeys are increasingly adopted and recommended by major tech companies such as Microsoft, Amazon, and Google.
https://www.securityweek.com/passkey-lo ... ipulation/