Google Workspace setzt mit Device Bound Session Credentials (DBSC) eine Technologie gegen die Übernahme von Session Cookies ein und verhindert somit einen Identitäts-Diebstahl 💯. #DBSC gegen Identitäts-Diebstahl, #Passkeys gegen Phishing-Angriffe.

https://workspace.google.com/blog/identity-and-security/defending-against-account-takeovers-top-threats-passkeys-and-dbsc/

Anyone looked at Device Bound Session Credentials and figured out how they ensure you are actually dealing with a device bound key?

As long as there isn't any pre-established trust to some hierarchy then I assume you can just fake the key creation?

#TPM #DBSC #Security

A biometrics news website called Biometric Updates published an article yesterday about a recent FIDO Alliance webinar that I and @chrisanderson appeared on! We talked about achieving end-to-end passwordless with digital credentials, passkeys, and device-bound session token protections:

https://www.biometricupdate.com/202407/ideal-authentication-solution-boils-down-to-using-best-tools-to-stop-attacks

I'm over the moon this morning that someone was inspired enough by what we had to say to take the time to write about it!

Happy Thursday, everyone 🤩

#passkeys #fidoalliance #digitalcredentials #dbsc