The Google passkeys threat model
So let's pull this together. Google says:
"When you create a passkey on a device, anyone with access to that
device and the ability to unlock it, can sign in to your Google
Account."
They then suggest keeping physical control of your devices is easier
than watching for phishing attempts.
The reality is that every day many phones are stolen and successfully
unlocked (or are already unlocked when stolen) by thieves. We've seen
the reports lately of iPhone users being totally locked out of their
Apple accounts when thieves reset security keys -- and Apple can't help.
But whether Android or iPhone, the bottom line is that as I understand
this, stolen unlocked phones using passkeys for account security give
the thieves complete access to those accounts, until such a time as the
rightful owner manages to revoke them -- which could be hours in many
situations out in public, far too late.
To me, this is putting too much faith in the physical security
of the devices, when we KNOW that every day many are stolen, unlocked,
and abused. Having passkeys in such situations could make even more
accounts instantly vulnerable, given that the passkeys wouldn't need
additional authentication to be used by the thief in these scenarios.
L
- - -
--Lauren--
Lauren Weinstein
[email protected] (https://www.vortex.com/lauren)
Lauren's Blog: https://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Mastodon: https://mastodon.laurenweinstein.org/@lauren
T2: https://t2.social/laurenweinstein
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility
Tel: +1 (818) 225-2800
_______________________________________________
pfir mailing list
https://lists.pfir.org/mailman/listinfo/pfir
