Warning: Thanks to AI you must use "phishing-resistant" passkeys to replace vulnerable passwords

GenAI can help attackers create phishing websites that look more legitimate than ever before.

Google and Microsoft have been warning users to stop using passwords to protect their accounts and use passkeys instead. What's a passkey, you ask? It is a digital credential that allows you entry into an app or website without typing in a username and password. Instead, you use the same methods that you employ to unlock your device. For example, with a passkey you might use:

  • Biometrics: Fingerprint or facial recognition. Examples include Face ID, Touch ID, Android Fingerprint/Face Unlock, and Windows Hello.
  • PIN/Pattern: This would use the same method you use to unlock your phone with a PIN code or a pattern.

Since no username or password is employed, attackers can't use a stolen password to gain entry into your account. For example, if you're using a passkey, there are no two-factor authentication codes that can be stolen. It's phishing resistant, says one online publication that writes often about online attacks and how best to protect yourself. With new tools popping up for the attackers every day, you best believe that security remains important.


Leading American identity and access management (IAM) company Okta says that it has seen threat actors use v0, an AI tool, to develop phishing sites that impersonate legitimate sign-in web pages. Okta says that threat actors are now able to use AI to create a "functional phishing site" from a simple text prompt.

"Vercel’s v0.dev is an AI-powered tool that allows users to create web interfaces using natural language prompts. Okta has observed this technology being used to build replicas of the legitimate sign-in pages of multiple brands, including an Okta customer."

- Okta

Okta Threat Intelligence watched in real time as threat actors used the Vercel platform to host multiple phishing sites that pretended to be legitimate websites for well-known brands such as Microsoft 365 and some cryptocurrency firms. Using AI to create these bogus websites means that the old red flags, such as spelling and grammatical mistakes, can no longer be used to warn you of a phishing attack.

Even two-factor authentication (2FA) can't be counted on to protect you. The best defense is to add passkeys to any account where they are an option and, if possible, eliminate the use of passwords for those accounts that allow you to do so. If you must use a password on an account, make it unique and long, and back it up with non-SMS 2FA.
