PoisonSeed and FIDO Update

Update to my July 21 post “PoisonSeed: Cross-Device Authentication Shouldn’t Allow Authentication on a Fraudster’s Device.” FIDO’s cross-device authentication is NOT inherently insecure.

From Chris Burt at Biometric Update:

“A reported passkey vulnerability has been walked back, and FIDO is recommended as the fix to the vulnerability of ‘phishable’ MFA wreaking havoc on corporate networks around the world.

“The PoisonSeed attack reported by security company Expel earlier this month does not give access to protected assets, if the FIDO Cross-Device Authentication flow is properly implemented.”

Proper implementation and configuration are essential.
