Tag: fido
-
FIDO Alliance wants to keep AI agents from going rogue on online payments
AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/29/fido-alliance-ai-agents-authentication-payments-standards/
-
The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards
AI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn’t a complete disaster. First seen on wired.com Jump to article: www.wired.com/story/the-race-is-on-to-keep-ai-agents-from-running-wild-with-your-credit-cards/
-
NCSC Backs Passkeys, Hailing a New Era of Sign-in
The UK’s NCSC has fully backed passkeys as consumers’ first choice for login, citing progress with FIDO and successful use across the NHS First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-backs-passkeys-new-era-of/
-
Authentication is broken: Here’s how security leaders can actually fix it
Tags: access, attack, authentication, backup, business, communications, control, credentials, cryptography, data, exploit, fido, firmware, Hardware, healthcare, identity, login, mfa, microsoft, okta, passkey, privacy, resilience, risk, soc, technology, update, windowsSector snapshots: Where it breaks (and why that matters): Healthcare. Clinicians need tap and go speed with zero tolerance for downtime. One large hospital attempted to pair advanced HID SEOS credentials, which use privacy-preserving randomized IDs, with a clinical SSO platform that expects static IDs for user recognition. This architectural mismatch forced a choice between…
-
Google Authenticator’s Hidden Passkey Design May Expose New Passwordless Attack Vectors
Google’s passkey ecosystem quietly depends on a powerful cloud-side component that changes where “passwordless trust” actually lives and that shift could open new avenues for account takeover in the real world. Most passkey discussions focus on WebAuthn and FIDO specs, but attackers care about implementations, not standards. In Google’s case, synced passkeys sit on top…
-
Swissbit Adds HID Seos to iShield Key 2, Previews PQC Platform and Face Biometrics at RSAC 2026
Swissbit is using RSAC 2026 to mark a series of real milestones for its iShield Key 2, the hardware security key the company launched last year as the first FIDO device to combine digital and physical access in a single token. The most immediately significant announcement: HID Seos support is now available. HID Seos is..…
-
Your MFA isn’t broken, it’s being bypassed, and your employees can’t tell the difference
Three failures that keep showing up: Through my research into adversary-in-the-middle attacks and reviewing industry incident reports, I have identified three consistent failures that make these attacks successful. 1. We trained our people for the wrong threat Most security awareness programs still teach the same things: Look for misspellings, check the sender address, hover over…
-
Your MFA isn’t broken, it’s being bypassed, and your employees can’t tell the difference
Three failures that keep showing up: Through my research into adversary-in-the-middle attacks and reviewing industry incident reports, I have identified three consistent failures that make these attacks successful. 1. We trained our people for the wrong threat Most security awareness programs still teach the same things: Look for misspellings, check the sender address, hover over…
-
Three Identity Security Trends Shaping 2026: Passwordless Adoption, Reactive Security, and the Rise of Identity Verification
<div cla From Identity Renaissance to the Age of Industrialization In last year’sState of Passwordless Identity Assurance report,we declared an Identity Renaissance”, the turning point where enterprises recognized that passwords and shared secrets were fundamentally broken, and began rethinking their approach to digital identity. Security leaders began exploring phishing-resistant authentication, FIDO passkeys, and stronger identity…
-
Three Identity Security Trends Shaping 2026: Passwordless Adoption, Reactive Security, and the Rise of Identity Verification
<div cla From Identity Renaissance to the Age of Industrialization In last year’sState of Passwordless Identity Assurance report,we declared an Identity Renaissance”, the turning point where enterprises recognized that passwords and shared secrets were fundamentally broken, and began rethinking their approach to digital identity. Security leaders began exploring phishing-resistant authentication, FIDO passkeys, and stronger identity…
-
Should Cloud Be Classed as Critical Infrastructure?
Tags: access, authentication, banking, breach, business, cloud, compliance, computing, container, control, cyber, cybersecurity, data, dora, encryption, fido, finance, framework, governance, Hardware, healthcare, identity, incident, infrastructure, mfa, network, nis-2, radius, regulation, resilience, risk, saas, service, strategy, supply-chain, technologyShould Cloud Be Classed as Critical Infrastructure? madhav Thu, 03/05/2026 – 09:53 Over the past few years, large-scale cloud outages have demonstrated just how deeply digital services are woven into the fabric of modern society. When widely used cloud platforms experience disruption, the impact extends far beyond individual applications; banking services stall, transport systems falter,…
-
Master Your Passwordless Future: Introducing Thales Authenticator Lifecycle Manager
Tags: access, attack, authentication, automation, breach, compliance, container, control, data, fido, Hardware, identity, login, msp, phishing, service, software, tool, zero-trustMaster Your Passwordless Future: Introducing Thales Authenticator Lifecycle Manager madhav Tue, 02/24/2026 – 07:53 The move to passwordless authentication is no longer a distant goal; it’s a present-day necessity. Organizations are rapidly adopting FIDO2 authenticators to defend against phishing and strengthen their security posture. While this shift enhances security, it introduces a new challenge: managing…
-
10 Passwordless-Optionen für Unternehmen
Um Passwörter hinter sich zu lassen, gibt es bessere Lösungen. Wir zeigen Ihnen zehn. Passwörter sind seit Jahrzehnten der Authentifizierungsstandard für Computersysteme, obwohl sie sich immer wieder aufs Neue als anfällig für diverse Cyberangriffsformen erwiesen haben und kompromittierte Benutzerkonten auf regelmäßiger Basis zum Einfallstor für kriminelle Hacker werden. Ein Mittel für CISOs, um diesem Problem…
-
Driving Passwordless Adoption with FIDO and Biometric Authentication
Tags: access, attack, authentication, awareness, banking, breach, business, cloud, compliance, container, control, credentials, cyber, data, defense, fido, finance, fraud, government, Hardware, iam, identity, insurance, login, mobile, passkey, password, phishing, risk, service, technology, threat, trainingDriving Passwordless Adoption with FIDO and Biometric Authentication madhav Tue, 01/13/2026 – 06:13 For decades, passwords have been the default mechanism for securing digital access. They are deeply embedded in enterprise systems and workflows, yet they were never designed to withstand today’s threat landscape. Cybersecurity Sarah Lefavrais – IAM Product Marketing Manager More About This…
-
Hardening browser security with zero-trust controls
Tags: access, api, authentication, automation, browser, chrome, cisa, cloud, compliance, container, control, corporate, credentials, crowdstrike, data, data-breach, detection, edr, email, encryption, endpoint, exploit, fido, finance, framework, google, governance, group, Hardware, identity, kubernetes, least-privilege, login, malicious, malware, mfa, microsoft, network, nist, okta, passkey, password, phishing, phone, risk, risk-assessment, sap, service, soar, theft, threat, tool, update, wifi, windows, zero-trust1. Identity-first access control Network proximity is now an inferior trust signal. Only federated, cryptographically verifiable identity tokens issued by centralized enterprise IdPs using OIDC or SAML are permitted as gates to corporate resources. This transition, well-documented by FIDO Alliance and Microsoft research, transfers the very concept of “inside” the organization from the network to…
-
Sovereign Data, Sovereign Access: Introducing Modern FIDO Authentication for SAS PCE
Sovereign Data, Sovereign Access: Introducing Modern FIDO Authentication for SAS PCE andrew.gertz@t“¦ Mon, 10/13/2025 – 14:53 Discover how Thales empowers enterprises with sovereign access through FIDO authentication in SAS PCE”, ensuring secure, phishing-resistant identity control for hybrid environments. Identity & Access Management Access Control Guido Gerrits – Field Channel Director, EMEA More About This Author…
-
Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
Tags: 2fa, access, advisory, api, attack, authentication, breach, business, cisa, cisco, cloud, control, credentials, crime, cve, cyber, cybersecurity, data, defense, endpoint, exploit, fido, finance, firewall, framework, github, grc, guide, identity, incident response, infrastructure, Internet, ISO-27001, kev, law, lessons-learned, malicious, malware, mfa, mitigation, monitoring, network, open-source, phishing, privacy, ransomware, risk, saas, scam, security-incident, service, soc, software, supply-chain, tactics, threat, update, vpn, vulnerability, vulnerability-management, worm, zero-dayCISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack, patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more! Here are six things you need to…
-
Stop Panicking: The FIDO ‘Bypass’ That Never Actually Bypassed FIDO
The cybersecurity world exploded in August 2025 when SquareX dropped a bombshell at Black Hat USA: passkeys were “pwned.” Headlines screamed. Twitter erupted. CTOs panicked. But here’s what actually happened: absolutely nothing changed about FIDO’s security. The Anatomy of a Media Meltdown SquareX’s presentation, “Passkeys Pwned: Turning WebAuthn Against Itself,” sent shockwaves through enterprise security..…
-
Stop Panicking: The FIDO ‘Bypass’ That Never Actually Bypassed FIDO
The cybersecurity world exploded in August 2025 when SquareX dropped a bombshell at Black Hat USA: passkeys were “pwned.” Headlines screamed. Twitter erupted. CTOs panicked. But here’s what actually happened: absolutely nothing changed about FIDO’s security. The Anatomy of a Media Meltdown SquareX’s presentation, “Passkeys Pwned: Turning WebAuthn Against Itself,” sent shockwaves through enterprise security..…
-
Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33
It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over 15 billion accounts have been passkey-enabled, with 69%…
-
Downgrade Attack Allows Phishing Kits to Bypass FIDO
You probably can’t break FIDO authentication. Still, researchers have shown that there are ways to get around it. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/downgrade-attack-phishing-kits-bypass-fido
-
OAuth-Apps für M365-Phishing missbraucht
Gefälschte OAuth-Apps eröffnen Angreifern neue Wege, um Microsoft-Konten zu kapern.Bedrohungsakteure haben einen neuen, smarten Weg aufgetan, Microsoft-365-Konten zu kompromittieren. Wie Proofpoint herausgefunden hat, erstellen sie dazu zunehmend gefälschte OAuth-Anwendungen, die vertrauenswürdige Brands wie SharePoint und DocuSign imitieren. Die “Originale” dieser Apps nutzen die Identity-Plattform von Microsoft (Azure AD / Entra ID), um auf Daten aus…
-
PoisonSeed Attack Turns Out to Be Not a FIDO Bypass After All
Cybersecurity firm Expel, in an update shared on July 25, 2025, said it’s retracting its findings about a phishing attack that it said leveraged cross-device sign-in to get around FIDO account protections despite being not in physical proximity to the authenticating client device.”The evidence does show the targeted user’s credentials (username and password) being phished…
-
‘PoisonSeed’ FIDO Attack Turns Out to Be a Red Herring
Expel retracted its PoisonSeed research, in which it said attackers could circumvent FIDO security keys, and apologized for any misunderstanding. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/poisonseed-attacker-fido-keys