Is there any reason an attacker (via phishing / a fake login screen) can't generate a login session for a user authenticating with one of the various FIDO protocols?

This page summarizes the projects mentioned and recommended in the original post on /r/cybersecurity.

  • TokenUniverse

    An advanced tool for working with access tokens and Windows security policy.

  • Attacker also tricks user into executing malware locally, compromising the device being used, let's say with Admin privs on Windows, but not SYSTEM. Privileges in Windows get complicated, I don't want to get too deep into the weeds with specifics here. Maybe this local access makes a difference, maybe it doesn't. This is the only difference between Scenarios 1 & 2.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
