Google and Microsoft have been warning users to stop using passwords to protect their accounts and use passkeys instead. What’s a passkey, you ask? It is a digital credential that allows you entry into an app or website without typing in a username and password. Instead, you use the same methods that you employ to unlock your device. For example, with a passkey you might use:
- Biometrics: Fingerprint or facial recognition. Examples include Face ID, Touch ID, Android Fingerprint/Face Unlock, and Windows Hello.
- PIN/Pattern: This would use the same method you use to unlock your phone with a PIN code or a pattern.
Leading American identity and access management (IAM) company Okta says that it has seen threat actors use v0, an AI tool, to develop phishing sites that impersonate legitimate sign-in web pages. Okta says that threat actors are now able to use AI to create a “functional phishing site” from a simple text prompt. “Vercel’s v0.dev is an AI-powered tool that allows users to create web interfaces using natural language prompts. Okta has observed this technology being used to build replicas of the legitimate sign-in pages of multiple brands, including an Okta customer.”
“The observed activity confirms that today’s threat actors are actively experimenting with and weaponizing leading GenAI tools to streamline and enhance their phishing capabilities. The use of a platform like Vercel’s v0.dev allows emerging threat actors to rapidly produce high-quality, deceptive phishing pages, increasing the speed and scale of their operations.”
- Okta
Okta Threat Intelligence watched in real time as threat actors used the Vercel platform to host multiple phishing sites that pretended to be legitimate websites for well-known brands such as Microsoft 365 and some cryptocurrency firms. Using AI to create these bogus websites means that the old red flags, such as spelling and grammatical mistakes, can no longer be used to warn you of a phishing attack.
Even two-factor authentication (2FA) can’t be counted on to protect you. The best defense is to add passkeys to any account where it is an option and, if possible, eliminate the use of passwords for those accounts that allow you to do so. If you must use a password on an account, make it unique, long, and back it up with non-SMS 2FA.
Read the latest from Alan Friedman