APPLICATIONS

Warning: Thanks to AI you must use “phishing-resistant” passkeys to replace vulnerable passwords

Photo of Real Hacker Staff Real Hacker Staff17 hours ago
3 2 minutes read
Warning: Thanks to AI you must use “phishing-resistant” passkeys to replace vulnerable passwords

Google and Microsoft have been warning users to stop using passwords to protect their accounts and use passkeys instead. What’s a passkey, you ask? It is a digital credential that allows you entry into an app or website without typing in a username and password. Instead, you use the same methods that you employ to unlock your device. For example, with a passkey you might use:
  • Biometrics: Fingerprint or facial recognition. Examples include Face ID, Touch ID, Android Fingerprint/Face Unlock, and Windows Hello.
  • PIN/Pattern: This would use the same method you use to unlock your phone with a PIN code or a pattern.
Leading American identity and access management (IAM) company Okta says that it has seen threat actors use vO, an AI tool, to develop phishing sites that impersonate legitimate sign-in web pages. Okta says that threat actors are now able to use AI to create a “functional phishing site” from a simple text prompt. “Vercel’s v0.dev is an AI-powered tool that allows users to create web interfaces using natural language prompts. Okta has observed this technology being used to build replicas of the legitimate sign-in pages of multiple brands, including an Okta customer.”

“The observed activity confirms that today’s threat actors are actively experimenting with and weaponizing leading GenAI tools to streamline and enhance their phishing capabilities. The use of a platform like Vercel’s v0.dev allows emerging threat actors to rapidly produce high-quality, deceptive phishing pages, increasing the speed and scale of their operations.”

                                               -Okta

Okta Threat Intelligence watched in real time as threat actors used the Vercel platform to host multiple phishing sites that pretended to be legitimate websites for well-known brands such as Microsoft 365 and some cryptocurrency firms. Using AI to create these bogus websites means that the old red flags, such as spelling and grammatical mistakes, can no longer be used to warn you of a phishing attack.

Even two-factor authentication (2FA) can’t be counted on to protect you. The best defense is to add passkeys to any account where it is an option and, if possible, eliminate the use of passwords for those accounts that allow you to do so. If you must use a password on an account, make it unique, long, and back it up with non-SMS 2FA.

Grab Surfshark VPN now at more than 50% off and with 3 extra months for free!

Secure your connection now at a bargain price!

We may earn a commission if you make a purchase


Check Out The Offer

Read the latest from Alan Friedman


Source link

Tags
Photo of Real Hacker Staff Real Hacker Staff17 hours ago
3 2 minutes read
Photo of Real Hacker Staff

Real Hacker Staff

Related Articles

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

February 1, 2025
Changes to orientation and resizability APIs in Android 16

Changes to orientation and resizability APIs in Android 16

January 23, 2025
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

May 15, 2025
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

April 18, 2025
Back to top button