Unpacking Passkeys Pwned: Possibly the most specious research in decades

SquareX, a startup selling security services, published research claiming to have found a "major passkey vulnerability" that challenges the security of passkeys used by major companies like Apple, Google, and Microsoft. The research, titled "Passkeys Pwned," was presented at Defcon and involves a malicious browser extension that can hijack the passkey creation process for sites like Gmail and Microsoft 365. The article warns readers to be cautious of such marketing-driven research and not to believe all security claims at face value.