Unpacking Passkeys Pwned: Possibly the Most Specious Research in Decades

Posted4 months agoActive4 months ago

Original: Unpacking Passkeys Pwned: Possibly the most specious research in decades

ksec

3 points

2 comments

arstechnica.comSecuritystory

heatednegative

Debate

80/100

PasskeysSecurity ResearchDigital Authenticity

Key topics

Passkeys

Security Research

Digital Authenticity

Discussion Activity

Light discussion

First comment

Peak period

0-3h

Avg / period

Key moments

01Story posted
Aug 30, 2025 at 11:43 AM EDT
4 months ago
Step 01
02First comment
Aug 30, 2025 at 12:43 PM EDT
1h after posting
Step 02
03Peak activity
1 comments in 0-3h
Hottest window of the conversation
Step 03
04Latest activity
Sep 1, 2025 at 9:09 AM EDT
4 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (2 comments)

Showing 2 comments

rini17

4 months ago

1 reply

I'm confused why it's specious? Sounds like "compromised browser stopped being compliant with FIDO spec, hence the exploit does not exist", now that's quite a specious claim.

drweevil

4 months ago

Agreed. Passkeys are not as simple and straightforward as their proponents make them out to be. They are device and vendor dependent. They'll work with one browser, but perhaps not another one. Or device. Or app/web-site. Or password vault. This introduces a level of confusion that can be exploited by an attacker when a naive user is trying to set one up. "Hey, I've got a browser plugin that will make it work for you!" Oops.

For now I'll continue opting for a strong password with a TOTP 2FA. TOTP (RFC 6238) doesn't have any of the device dependency and vendor issues listed above. It's simple and straightforward, something I can grok well enough to stay safe.

View full discussion on Hacker News

ID: 45075589Type: storyLast synced: 11/17/2025, 8:01:31 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN