In this article I describe a potential attack against many Webauthn (i.e. passkeys or hardware security keys) implementations, that I'm calling an Authentication Method Redaction (AMR) attack.

https://www.esentire.com/blog/securing-passkeys-thwarting-authentication-method-redaction-attacks

#passkeys #webauthn #authentication #evilginx #phishing #mfa