Do you dream of it? A future where you no longer need to remember passwords. That dream is getting closer. Last year, we talked about the future of passwords. One of the most significant developments is the introduction of Passkeys. We see that this new form of authentication is being implemented by more and more organizations. Maybe you are already exploring this yourself and have some questions. The most important ones might be: What are the advantages of Passkeys compared to ‘normal’ passwords? And what are the risks for organizations when implementing Passkeys? We have extensively researched these questions. And sharing is caring, so we are happy to share the results of the research on this new way of logging in with you in this blog.
What are Passkeys?
As technology develops, cybercriminals unfortunately do not stand still either: they keep trying to deceive you into handing over your password. At the same time, it is a real challenge to keep creating and remembering unique, strong passwords. The result: passwords end up on pieces of paper in a drawer, in the notes app on your phone, or you simply keep clicking 'forgot password'. Passkeys, the latest authentication technology, are meant to make this a thing of the past.
Passkeys let users log in to apps and websites (in WebAuthn terms, 'relying parties') without a password, which is why this is also called 'passwordless login'. Instead of typing a password, the user proves their identity with an authenticator: the device itself (a phone, laptop or hardware security key), which the user unlocks with a fingerprint, face or PIN. Compare it to unlocking your phone: the fingerprint or face scan never leaves the device, it only unlocks the key that is stored there. This way, you log in quickly, securely and without hassle, and remembering passwords is no longer necessary.
Although the use of Passkeys is not yet widespread, major players such as Apple, Google, Amazon, eBay, Microsoft, PayPal, WhatsApp, and TikTok are already using this technology. It is likely that many well-known companies will quickly follow suit.
How exactly does a Passkey work?
For each website or application (and each account you have there), your authenticator generates a key pair: a public key and a private key. These are long random values, not something you ever type. The public key is handed to the website or app when you register the Passkey; the private key stays on your device (or, for synced Passkeys, in your platform keychain or password manager) and never leaves it. Logging in is a challenge-response: the site sends a fresh random challenge, your device signs it with the private key after you unlock it, and the site checks the signature with the public key it stored. If your public key gets exposed through a data breach, there's no problem: without the private key, an attacker cannot produce a valid signature.
We will guide you through the advantages that Passkeys offer compared to traditional passwords. But, as you would expect from Computest Security, we will also discuss the potential risks of Passkeys in detail. More on this later.
Advantages of Passkeys compared to passwords
Passkeys offer several security advantages over traditional passwords. We have listed the most important ones for you:
- Resistant to password guessing: Users often choose short, easy-to-guess passwords. Something like Nameofchild123! or Streetnamehousenumber*… this happens more often than you think. A Passkey's private key is a random cryptographic key (256 bits for the commonly used P-256 curve), so guessing it is not feasible. And because the relying party stores only the public key, there is no password hash to crack offline after a breach either.
- Prevents password reuse: Users often reuse the same password for different applications. This can happen to the best of us, but it's certainly not ideal: if one application is hacked, the attacker gets direct access to every application where the same password is used. A Passkey removes this danger, because the authenticator generates a separate key pair for every relying party and the user never picks or even sees it.
- Protection against phishing attacks: In a phishing attack, a user unintentionally enters their real password on a deceptive website created by a cybercriminal. This doesn't work with Passkeys: each Passkey is bound to the domain (the relying party ID) it was registered for, and the browser only offers it on that domain. On a look-alike domain the Passkey is simply not available, and the browser also writes the actual origin into the data that gets signed, so the real site can detect a relayed login attempt. Sounds much safer, doesn't it?
Risks of passkeys
Thanks to these advantages, we expect that many organizations will soon support Passkeys. However, as with any innovation, there are security risks involved. WebAuthn, the standard on which Passkeys are based, is inherently very secure, but it must be correctly implemented by the supporting application. The protocol is complex and includes numerous checks that the relying party must all perform. If this does not happen, an attacker may be able to get into the accounts of other, unsuspecting users.
Let’s look at the risks of Passkeys:
- Missing signature check: Each authentication response contains the authenticator data and a hash of the client data, signed with the private key of the credential. The relying party must verify this signature against the public key it stored at registration. If this check is skipped, anything that looks like a valid response is accepted, and an attacker can log in as any user.
- Origin confusion: An attacker lures a victim to a malicious relying party, say evil.com, and asks them to log in with the Passkey of the real relying party. The attacker then forwards the login response to the real website and logs in as the user. To prevent this, a relying party must always check that the origin in the client data matches its own expected origin(s); that origin is filled in by the browser, not by the page, so evil.com cannot fake it. In practice this risk is limited, because a correctly implemented browser will only offer a Passkey on origins that match the relying party ID it was registered for. The server-side check still matters, for example when an attacker controls a related origin, such as a subdomain that shares the same relying party ID.
- Missing checks for 'user presence' and 'user verification': With each authentication response, the authenticator sets flags for 'user presence' (UP: somebody touched or confirmed on the authenticator) and 'user verification' (UV: the user was verified, for example via a PIN or fingerprint). The relying party must check that the UP flag is set and, when its policy requires user verification (which it should for a passwordless login), that the UV flag is set too. If these flags are not checked, a response produced without any user interaction, or without unlocking the authenticator, is accepted.
- Cross-site request forgery attacks: In this type of attack, an attacker tricks the victim's browser into authenticating or registering on the attacker's behalf. If the functionality for adding a new Passkey to an existing account is vulnerable to this, an attacker can add their own Passkey to the victim's account and take it over. WebAuthn is not designed to protect against this by default, so the usual protections must be implemented separately: anti-CSRF tokens or SameSite cookies on the registration endpoints, and binding the registration challenge to the logged-in session so that a response generated in another session cannot be submitted.
- Missing counter check: To detect cloned authenticators, an authenticator sends a signature counter that increases with each authentication. If a relying party sees counters that do not increase (for example 17, then 11, then 18), two copies of the same key are in use and it should treat the authenticator as cloned. Skipping this check makes it easier for attackers to use cloned authenticators unnoticed. Note that the counter detects cloning after the fact rather than preventing it, and that synced Passkeys typically always report a counter of 0; the specification therefore says to enforce the check only when the stored or received counter is non-zero.
Practical risks
Not only have we identified the risks associated with Passkeys, but we have also examined to what extent these problems actually occur in practice. We investigated five relying parties. During the investigation, we found one relying party vulnerable to Origin confusion, while three other parties did not correctly verify user presence and user verification. We also encountered an application that did not check the signature counter. Naturally, we informed the affected parties about the discovered vulnerabilities and provided solutions to resolve the identified issues.
Implementing Passkeys safely in your organization
We see a promising future where more and more organizations will use Passkeys. Are you curious if your organization is using Passkeys securely? At Computest Security, we can conduct a comprehensive security assessment to evaluate the safety of your implementation. Don’t hesitate to contact our WebAuthn specialists via our contact form for more information or email info@computest.nl.
Research in collaboration with a talented student
At Computest Security, we encourage innovation in security technologies. In collaboration with academic institutions, we support research into new developments, such as Passkeys. Over the past six months, Peizhou Chen from the University of Twente has conducted his master’s thesis on this topic at Computest Security under the supervision of Matthijs Melissen.
Dive deeper into the details
All information about the research is detailed in Peizhou Chen’s master’s thesis, available via this link. At Computest Security, we are proud of our collaboration with academic institutions to support research on current cybersecurity topics.