PodParley PodParley
PodParley
Phishing for Passkeys: An Analysis of WebAuthn and CTAP (god2025) episode artwork

EPISODE · Nov 26, 2025 · 19 MIN

Phishing for Passkeys: An Analysis of WebAuthn and CTAP (god2025)

from Chaos Computer Club - recent events feed (low quality) · host Michael Kuckuk

WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach more widespread adoption. This presentation discusses the security of passkeys against phishing attacks. It explains the possibilities for an attacker to gain access to accounts secured with passkeys using spear phishing, and what conditions must be met for this to happen. It also practically demonstrates such an attack and discusses countermeasures. Participants will learn which WebAuthn security principles still apply to passkeys and which do not. They will learn why passkeys are no longer completely phishing-proof and how they can evaluate this consideration for their own use of passkeys. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de

What this episode covers

WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach more widespread adoption. This presentation discusses the security of passkeys against phishing attacks. It explains the possibilities for an attacker to gain access to accounts secured with passkeys using spear phishing, and what conditions must be met for this to happen. It also practically demonstrates such an attack and discusses countermeasures. Participants will learn which WebAuthn security principles still apply to passkeys and which do not. They will learn why passkeys are no longer completely phishing-proof and how they can evaluate this consideration for their own use of passkeys. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de

NOW PLAYING

Phishing for Passkeys: An Analysis of WebAuthn and CTAP (god2025)

0:00 19:24

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Share this episode

Similar Episodes

The Boys Podcast Season 5 Episode 3

Apr 21, 2026 ·73m

Daredevil Born Again 205 Review

Apr 18, 2026 ·95m

Invincible Season 4 Episode 7 Review

Apr 15, 2026 ·55m

The Boys Podcast Season 5 Episode 2

Apr 13, 2026 ·68m

Invincible Season 4 Episode 6 Review

Apr 11, 2026 ·59m

The Boys Podcast Season 5 Episode 1

Apr 9, 2026 ·66m

Similar Podcasts

LIGHTS, CAMERA, SMILE! Creatives Club Media Lights, Camera, Smile, is a podcast for anyone with a dream to share something with the world, out of the overflow of themselves - be it their mind, their heart, their personalities, and much more. Each of us are alive in this moment in time, with an innate ability to have ideas and create various things to benefit both ourselves and the people around us for a reason, and here, you will find the encouragement, the inspiration, and the motivation to do just that. Hosted by Cicily, founder of Creatives Club, she dives into various topics surrounding creativity and business. Exploring entrepreneurship for creatives in a corporate reality, sharing tips and tricks in a media centered company, answering questions regarding what a creative actually is are just a few of the things discussed on this podcast. Be encouraged to create for yourself as Cicily gets vulnerable by pivoting the camera to herself for the first time.To submit questions for Cicily to answer, or have her address certain t The PFN Cincinnati Bengals Podcast Pro Football Network The PFN Cincinnati Bengals Podcast is where you can stay up-to-date with the latest news and analysis on the Cincinnati Bengals! Our hosts, industry experts Jay Morrison and Dallas Robinson, provide weekly coverage of all the latest rumors and updates about the Bengals. Don’t forget to follow the show to receive new episodes directly in your podcast feed and leave a rating and review to let us know your thoughts. Piramidi Club The Bitcoin Butcher La Migliore Pizza di Firenze 🎙️Truth and Testimony the Broadcast Ray Gauthier & Adrian Scott This Podcast discusses and teaches the word of God. You will hear about world news and how it relates to bible prophecy. You will also hear interviews and testimonies from men and women of God who have devoted their lives to serving Yeshua (Jesus). Hosted by Ray Gauthier and Adrian Scott. These two long term broadcast colleagues have joined forces once again to provide you the highest quality in broadcast excellence, all for the glory of Yahweh: the God of all creation!You can see most of the podcasts uploaded here at our Youtube Channel.https://www.youtube.com/@truthandtestimonythebroadcast

Frequently Asked Questions

How long is this episode of Chaos Computer Club - recent events feed (low quality)?

This episode is 19 minutes long.

When was this Chaos Computer Club - recent events feed (low quality) episode published?

This episode was published on November 26, 2025.

What is this episode about?

WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were...

Can I download this Chaos Computer Club - recent events feed (low quality) episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!