IDPro: The Professional Organization for Digital Identity Management (https://idpro.org/)

Blackhat and Def Con 2025 Thoughts
https://idpro.org/blackhat-and-def-con-2025-thoughts/
Tue, 26 Aug 2025 20:14:53 +0000
Black Hat and DEF CON are, as always, the conventions that set the tone for the security-savvy for the next year: new findings are released with varying degrees of showmanship, a substantial portion of the hacker community comes back together to see each other, and inevitably the convention site’s computer systems get poked and prodded. I’d like to talk about what I walked away with from both conferences from an identity practitioner’s perspective. I fully recognize before I start that I may be wrong or misinformed, and I am happy to discuss any of what I say here with any of you, whether in the IDPro Slack or in any other forum.

Problematic Passkey Parley

There were several discussions at both conferences about FIDO2. I am sure this section will be the most divisive part of my discussion, but I will do my best to navigate the issues presented at the conferences. Namely, some strong accusations have been made around the security of passkeys and of hardware authenticators, and I feel we should unpack them.

Phishing Synchronized Passkeys

Two of the talks focused on passkeys specifically. Chad Spensky, Ph.D., discussed a potential avenue for phishing synchronized passkeys in his talk “Your Passkey is Weak: Phishing the Unphishable” (slides available at https://yourpasskeyisweak.com/). Specifically, if an attacker can perform a successful phishing attack to access the service acting as the synchronization fabric for the passkeys (e.g. Google Password Manager), then they have access to everything they need to replicate the passkey. This is obviously problematic, as an attacker who gains the metaphorical keys to the kingdom in this way can then access anything that relies on these passkeys. A second talk, titled “Passkeys Pwned: Turning WebAuthn Against Itself” by Shourya Pratap Singh, Jonny Lin, and Daniel Seetoh, explores a similar path (slides available at https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Shourya%20Pratap%20Singh%20Jonny%20Lin%20Daniel%20Seetoh%20-%20Passkeys%20Pwned%20Turning%20WebAuthn%20Against%20Itself.pdf). The team discusses additional avenues for phishing, such as through a malicious browser extension. The results, unsurprisingly, are the same as Dr. Spensky’s – the user’s passkeys are compromised through what was an assumed-trusted path, and all is lost.

Browser Security and User Manipulation

These two talks, taken together, should tell us nothing particularly new as practitioners of identity. If we drink the Kool-Aid and accept the statement that “identity is the new perimeter”, then we might also consider that the browser is the new doorway. As an information-focused society, some among us rely more on our browser software being secure than on our houses being secure. Phishing is increasingly the easiest way by which an attacker may access a system, and if these attacks are accepted as “vulnerabilities”, then we must also accept the successful hijacking of an access token generated through an OIDC flow as a vulnerability. Both are vulnerabilities, but what are the actual issues? The actual issues at play here are browser security and user manipulation. The point is that a given protocol, program, or defined process has a specific scope – every link in the chain needs to be secure.

Limits of Synchronized Passkeys

Further, the security model of synchronized passkeys implies that they should not be used by individuals who are attempting to maximize security. Enterprises and individuals potentially targeted by nation states should carefully consider the usage of synced credentials when determining the blast radius of a given system’s compromise. An enterprise or particularly concerned individual should seek to conform to more stringent qualifications (such as NIST 800-63’s Authenticator Assurance Level 3) and perhaps consider device-bound passkeys when deciding on authentication strategies. Additionally, organizations permitting account recovery or account modifications should do real auditing of their workflows to ensure that real users have the edge over attackers when adding new passkey credentials to an account, or when a passkey login behaves strangely. There is a lot more that could be said here around the security of related systems and passkeys, and I will leave that to those of you who wish to passionately discuss those points in these newsletters.

API Confusion in FIDO2

There was, notably, a third talk by Marco Casagrande and Daniele Antonioli discussing API confusion issues within FIDO2 (paper available at https://arxiv.org/pdf/2412.02349). Specifically, they focused on issues in the CTAP protocol – issues that exist regardless of the transport CTAP moves over (such as NFC or Bluetooth) and that affect both CTAP1 (what we used to call U2F) and CTAP2. Some of the notable issues brought forward through their research are the ability to force lockouts of hardware tokens, force a factory reset of these tokens, fill their credential storage, and profile the underlying authenticator (to potentially compromise the token, or to track the user).

The Hardware Token Catch

While this class of attack is not as flashy as the phishing demos given by the two teams above, it does demonstrate a very real need for physical security for hardware keys! These attacks are potentially brutal, but they require proximity. Given that the effective range of these attacks can be measured in feet, an attacker (or accomplice) either needs to be targeting the holder of the security key specifically or needs to construct a device to passively brick hardware tokens. An interesting note is that in Dr. Spensky’s talk one mitigation presented was to use hardware tokens – it turns out that even the best-laid plans of security researchers often go awry.

Identity Practitioners and AI

If you were still sleeping on LLMs, Generative Image Models, and other generative models, you have overslept.  Identity practitioners of all stripes should now be taking time to understand and experiment with the tools available to them in this space – as well as the extremely complex security and privacy concerns that come from them.  There were many talks focused on this intersection of security and AI from multiple perspectives, and I feel like we should unpack some of them.

Apple Intelligence and On/Off-Device Risks

One such talk was Yoav Magid’s talk on Apple Intelligence (article available at https://www.lumia.security/blog/applestorm), which described how a complex dance of on-device model usage versus off-device data transport occurs depending on what is requested. These requests, while seemingly inoffensive, can transfer sensitive data to servers not under your organization’s control with no means of knowing when and where this will occur. The adoption of agentic AI by consumers will muddy these waters; we as identity practitioners will need to keep in mind the ramifications of telling an AI agent it is allowed to do something on behalf of a user.

Enterprise AI Exploitation and Guardrail Weaknesses

In another talk, “AI Enterprise Compromise – 0click Exploit Methods”, Michael Bargury and Tamir Ishay Sharbat drove home some powerful and concerning points around the new frontier of abusing enterprise-oriented AI (articles around this available at https://labs.zenity.io/p/hsc25). A particularly salient concept from their talk is that LLMs as designed “are doomed to complete”; that is to say, they cannot dissent from a properly crafted request, and guardrails are simply soft boundaries that can be worked around through careful prompt design. A more nuanced, careful approach needs to be taken to clearly define what agentic AI can or cannot reach.

AI as an Offensive Security Tool

The final theme of the two conferences was the synthesis of AI into not only adjacent tasks, but society. Brendan Dolan-Gavitt presented a very compelling talk (“AI Agents for Offsec with Zero False Positives”; an article, unfortunately light on details, is available at https://www.darkreading.com/vulnerabilities-threats/ai-based-pen-tester-top-bug-hunter-hackerone) on how to ask LLMs to work as an attacker – moving against an established system to red team on your behalf. The results speak for themselves, with over 174 vulnerabilities reported (22 CVEs issued at the time of the talk, with the rest pending). This embrace of AI as co-conspirator is not necessarily revolutionary, but it is iteratively necessary.

Thinking Like a Hacker in the Age of AI

A second talk, perhaps much further ahead than Dolan-Gavitt’s in terms of the impact of AI but less technical, was the talk given by Richard “neuralcowboy” Thieme titled “Thinking Like a Hacker in the Age of AI”. Thieme, over his 45 minutes, discussed how technology and the means by which we pursue mastery have evolved rapidly. To quote him, “Many of the current disciplines, now named, did not exist only 10 or 20 years ago. And experts in them cannot keep up with all the materials published in their own areas of expertise”.

Community and Shared Burden

I, as a humble systems integrator at an identity vendor, especially feel this sting – new advancements in the field seem to occur daily, and there is a fatigue that is generated by attempting to keep up by myself.  How comforting it is, then, to have a space such as IDPro from which I can have some of that cognitive burden of continual pursuit lifted – not because I or any one of our practitioners are somehow less motivated – but precisely because everyone is so motivated.  By knowing the value and depth the organization provides, we make each other better.

As our industry further synthesizes with generative models and a whole host of new disciplines arise from it, we as practitioners will need to be mentally flexible.  We will need to be continually curious.  We must keep shifting the context in which we engage with technology, such that it is with passion and intent.  We must keep shifting context such that we are no longer mere operators in these systems.  We must keep shifting context such that we become and remain creators and active participants in these systems.  As technologists and humans, we cannot afford to do otherwise.

Disclaimer: The views expressed in the content are solely those of the author and do not necessarily reflect the views of the IDPro organization.

Author

Rusty Deaton has been in Identity and Access Management for over a decade. He began in technology as a technical support engineer for a Broker-Dealer and has since worked across many industries, carrying forward a passion for doing right by people. When not solving problems, he loves to tinker with electronics and read. He currently works as Federal Principal Architect for Radiant Logic.

Passkeys and Credential Exchange
https://idpro.org/passkeys-and-credential-exchange/
Wed, 30 Jul 2025 21:23:24 +0000
There’s been some buzz recently around the new Credential Exchange family of specifications coming out of the FIDO Alliance, which has led to some confusion about the whole concept of exportable passkeys.

If you’re like many others, you might be confusing syncing passkeys and Credential Exchange (CX). (Note: Device-bound passkeys are not affected by these specifications). Before we spiral into hypothetical doom scenarios, let’s get one thing straight: this is not about syncing. It’s not about making passkeys magically work across all your devices and all your platforms, like some universal login pixie dust. This is about something much more specific, much more niche, and arguably much more important for long-term user control and ecosystem interoperability.

Let’s talk about Credential Exchange (CX).

What is Credential Exchange?

CX is a point-in-time migration protocol, not a sync protocol. If you’ve ever tried to leave one password manager for another, you probably remember the painful steps: exporting a CSV, crossing your fingers that nothing gets corrupted, and importing the file only to realize half your entries didn’t map correctly. Oh, and that CSV? Probably sitting unencrypted in your downloads folder.

The CX family of specifications was designed to fix that.

The CX family has both a schema specification and a protocol specification for securely moving passkeys (and other credentials and items you’d typically find in a credential manager) from one credential manager to another. Think: moving from Apple Passwords to Bitwarden, or Google Password Manager to 1Password. The goal is to eliminate the plain-text mess and standardize the fields so that you can actually preserve metadata like tags, notes, and usage history during a migration.

Again, because this keeps getting misunderstood, this is not a continuous cross-platform sync model. There’s no background process constantly pushing updates to different ecosystems. The user must initiate the migration from one credential manager to another. They can do this as many times as they want.

Why This Matters (Even if Most People Will Never Use It)

Let’s be honest: the regular person (hi, Mom!) will never touch CX. Most people will stick with whatever ecosystem their phone gives them—Apple, Google, whatever—and never think twice.

But for those who do care—those who worry about vendor lock-in, future-proofing access, or trust boundaries between providers—this matters a lot.

Imagine a world where:

  • You’re done with Apple and want to move everything to 1Password.
  • Your credential manager of choice is shutting down.
  • You want to archive your credentials in a way your estate executor can actually access.

These aren’t everyday scenarios, but they’re real. And right now, they’re painful. CX gives us a clean, interoperable way to move between providers without compromising security (or sanity).

What Could Possibly Go Wrong?

Plenty. Like any tool, CX can be misused.

One of the concerns floating around is that CX could become another attack vector. Bad actors could convince users to “migrate” credentials to a malicious app, and if that app poses as a legitimate destination, it could harvest the user’s entire credential set. The threat model here isn’t fully defined yet—though it probably looks like how attackers already trick people into exporting or copying passwords from their managers—but it’s worth watching closely. OS platforms do have mitigations for dealing with malicious apps, both before and after they are installed (e.g., Google Play Protect, app store review), so some defenses are already in place.

From the relying party (RP) side, one of the issues here isn’t security as much as it is user experience and reliability. Some services today rely on hints from the credential manager (like “this credential lives in the Apple ecosystem”) to drive helpful UX choices. But once CX is in play, those hints can quietly become stale. A credential that once lived in one ecosystem may have been exported elsewhere, and the RP has no way of knowing. There are future plans to enable providing these hints when passkeys are used as well (not just during creation), which should alleviate these concerns.

This isn’t a CX design flaw. But it is a consequence of treating ecosystem-specific metadata as a proxy for where a credential lives, rather than what the protocol actually guarantees. As more users gain the ability to migrate their credentials, services that depend on these assumptions may need to rethink what “helpful” really means and how they rely on that information.

Security Model: New Questions, Not New Threats

CX doesn’t introduce a fundamentally new class of threats, but it does complicate the security model that many RPs and security teams have come to expect.

If CX has been used to export credentials, that same passkey may now live in a completely different ecosystem. There’s no standard way for RPs to tell whether a credential has moved or where it ended up. That makes it harder to scope the blast radius of an incident, and harder to know who still needs help.

There’s also the practical issue: most services haven’t built passkey rotation flows yet. Even if passkey re-registration is technically possible, very few RPs support it in production today. So when credentials are compromised and there’s no clear path to rotate them, users may fall back to less secure recovery options like SMS or email-based OTPs.

These aren’t dealbreakers. But they are operational challenges that need to be solved as CX gains adoption. If you’re building or maintaining a passkey-enabled system, now’s the time to think through:

  • What happens when a credential manager is breached?
  • Can you support credential rotation or re-enrollment?
  • Are you depending on ecosystem hints that might no longer be valid?

Let’s Not Lose the Plot

Yes, there are risks. Yes, they’re worth discussing. But let’s be clear: not every use case demands the same level of security response, and not every theoretical vulnerability warrants panic.

CX is a tool, not a mandate. Its value depends on how and where it’s used. That’s why these questions about breach impact, credential portability, and fallback mechanisms must be addressed as part of a proper risk management exercise, not just tossed around as worst-case hypotheticals.

Threat modeling isn’t about imagining everything that could possibly go wrong. It’s about weighing likelihood, impact, mitigation, and business value. Treating CX as inherently dangerous because it introduces new questions is a shortcut to bad security decisions. Ask the questions, but do it in context. 

Why Not Just Call It “Migration”?

Honestly, that might’ve avoided a lot of confusion. CX as a name is technically accurate, but it doesn’t scream “this is only for rare migrations.” And unfortunately, consumer tech reporting has run with the idea that CX means passkeys can be synced across all providers, finally making good on the cross-platform dream.

That’s… not what this is.

It’s also not a get-out-of-jail-free card for people storing the same passkey across multiple providers. If one manager is compromised, that same credential may be reused elsewhere. Using CX doesn’t remove the passkey from the source. That’s still manual and must be done by the user if the user wants to avoid having credentials in multiple locations. The best practice, just like with passwords, is still to use one provider, close old accounts when you’re done, and avoid scattering credentials like breadcrumbs across the Internet. 

Bottom Line: This Is About Control, Not Convenience

Exportable passkeys, via CX, aren’t for your average user. They’re for those who want choice, who don’t want to be tied to a single vendor forever, and who want a standards-based path forward.

It’s not about making your credentials work everywhere. It’s about giving you a secure, private way to move them somewhere else when you’re ready to go.

It may not be a feature you ever use. But you’ll be glad it exists when you need it.

Thanks to Dean H. Saxe and many others for all their support in answering my questions and reviewing the post!

Disclaimer: The views expressed in the content are solely those of the author and do not necessarily reflect the views of the IDPro organization.

Author

Heather Flanagan is the Principal at Spherical Cow Consulting, helping organizations navigate the fast-moving world of digital identity and Internet standards. With 15+ years of experience translating complex technical concepts into clear, actionable strategy, she is known for bridging communities and guiding collaborative work. Heather currently co-chairs the W3C Federated Identity and Exploration Interest Groups, the IETF Secure Patterns for Internet Credentials (SPICE) working group, and HotRFC. Her past roles include leadership positions with the OpenID Foundation, IDPro, the IETF/IRTF, and REFEDS. Named to the 2025 Okta Identity 25 as a top thought leader in digital identity, Heather is a frequent speaker and writer focused on standards, governance, and the real-world friction of identity implementation. You can find more of her blog posts (and link to an audioblog podcast!) on her website at https://sphericalcowconsulting.com.

Identiverse 2025 Recap – Another Perspective
https://idpro.org/identiverse-2025-recap-another-perspective/
Thu, 26 Jun 2025 15:11:43 +0000
Identiverse 2025 took place June 3–6 at Mandalay Bay in Las Vegas, bringing together over 3,000 identity and cybersecurity professionals for four days of keynotes, panels, and hands-on sessions. This year marked a pivotal shift: as artificial intelligence rapidly advances, the need to secure agent-based authentication and authorization has emerged as the next critical—and still largely uncharted—frontier.

Here are some highlights of the standout sessions, announcements, and community moments that shaped Identiverse 2025.

Highlights

IDPro Members’ Reception

The IDPro community gathered for a vibrant Members’ Reception at Mandalay Bay. The event, which drew a packed house of identity innovators, standards leaders, and privacy advocates, was standing-room only — a testament to the strength and momentum of the digital identity profession. IDPro members were welcomed by IDPro Board Members Hannah Sutor, Dr. Tina Srivastava, Heather Flanagan, and Bertrand Carlier. The evening unfolded seamlessly and stress-free, fostering meaningful connections in a warm and welcoming atmosphere. Drinks were provided courtesy of sponsor Hydden!

The reception reflected the heart of IDPro’s mission: to create, manage, and use digital identities in ways that are professional, ethical, secure, and privacy-preserving — all in service of reliable and high-value digital services. That shared commitment echoed throughout the room, as members old and new affirmed the principles that guide our growing community.

IDPro & IDAC “Identity Feud”

[Photo: IDV25]

Fresh off their hit game show at FIDO Authenticate, Identity at the Center podcast hosts Jeff Steadman and Jim McDonald brought the fun to Identiverse with a spirited installment of “Identity Feud.” This high-energy showdown saw Team IDPro: Heather Flanagan, Mike Kiser, and Dr. Tina Srivastava in a battle of identity trivia, best practices, and buzzy survey questions. A packed, laughter-filled pavilion cheered them on.

The event was more than just entertainment—it was a celebration of community. Practitioners and thought leaders mingled and bonded over shared identity quirks, highlighting the camaraderie that defines the IDPro community. In true Identiverse fashion, Identity Feud delivered connection, levity, and a reminder that the identity world knows how to work hard—and play hard too.

Identiverse 2025 Sessions

[Photo credit: CRA]

Ping Identity CEO Andre Durand headlined with a keynote on scaling secure digital business at the speed of trust. With more users, devices, bots, and AI expanding the threat landscape, Durand argued that continuous, contextual, and verified trust is needed to keep pace. He painted a picture of an identity future where adaptive, continuous authentication enables agility without sacrificing security, giving organizations an edge over adversaries. This call to embrace a zero-friction, high-trust paradigm set an optimistic tone for the conference.

[Photo: IDV25]

“Data Provenance: Keystone of Trust in the Age of Deepfakes” – Top-ranked cybersecurity analyst Jack Poller held a fascinating discussion with IDPro Board member and Badge Inc. Co-Founder Dr. Tina P. Srivastava and Dan Kaufman, formerly of DARPA Cybersecurity, on preserving trust as AI-generated deepfakes blur reality. The panel discussed the critical need for strong data provenance to combat manipulated identities and forged credentials.

Masterclass – Identity-First Security: In a technical deep-dive, Wade Ellery (Field CTO, Radiant Logic) led a masterclass on fortifying defenses through an “identity-first security” approach. Ellery highlighted that identity has become the number one attack surface in cyber breaches, placing identity teams on the front line of defense. He showed how high-quality identity data is the linchpin: garbage in/garbage out identity data undermines security decisions, so organizations must transform their identity data management to enable fully empowered identity-first security. Attendees gained strategies to improve data integration and consistency, reinforcing that strong identity foundations are key to better defense.

Cisco spotlighted its identity vision with a focus on resilience and user experience. In a keynote, Matt Caulfield (Cisco Duo) urged teams to plan for outages and breaches—“your worst day on the job”—by embracing passwordless, proximity-based authentication. Later, IDPro member Chris Anderson tackled rising threats from fake identities, outlining how context-aware signals like device trust and anomaly detection can help spot imposters. Together, their message was clear: with modern design, security and seamless access aren’t in conflict—they’re two sides of the same strategy.

“Italian Precision and German Creativity” – Thales & NAB Conversation.

In a standout cross-continental session, Marco Venuti (Thales) and Olaf Grewe (National Australia Bank) explored B2B identity through the lens of “Italian Precision and German Creativity.” Their candid dialogue offered real-world strategies for managing third-party access and building trust in partner ecosystems. The session reflected Identiverse’s global outlook, and Thales reinforced its forward-thinking stance by showcasing quantum-safe, phishing-resistant authentication for future-ready MFA.

The IPSIE panel, featuring experts from Workday, Beyond Identity, Okta, and SGNL, tackled the complexity of identity standards like SAML, OAuth, and FIDO. Panelists including Jen Schreiber and Dean Saxe emphasized how technical profiles and frameworks (e.g. OpenID profiles) can bridge the gap between evolving protocols and enterprise needs—enabling secure, mix-and-match interoperability without the chaos. The message: simplifying identity integration is a shared challenge, but real progress is underway.

Expo Hall

The Expo Hall featured multiple booths, including IDPro, and was the location of many debates on identity, AI, and the future!

The message was clear throughout the week: identity isn’t just foundational to cybersecurity; it’s becoming the anchor point for securing a future shaped by intelligent systems.

Author

Dr. Tina Srivastava is an MIT-trained rocket scientist, entrepreneur, technology expert, author, and the inventor of more than 15 patents.
