ADVERTISEMENT

Created a passkey? Hackers can bypass it using a simple downgrade attack

Passkeys are touted as a phishing-resistant and secure way to access accounts without entering usernames and passwords. However, Proofpoint security researchers warn that phishers can bypass this authentication method altogether and downgrade it to the older password-based authentication.

passkeys

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Aug 12, 2025 2 min read
ADVERTISEMENT

Step by step: how does the attack work?

microsoft-entra-id
microsoft-entra-id2
ADVERTISEMENT