Recap Of Our 'Passkeys Pwned' Talk At Def Con
Security Boulevard, September 19,2025
What the 'Passkeys Pwned' talk is and isn't about, and what it reveals about the importance of correct implementation of the standard
As outlined in the DEF CON abstract below, the Passkeys Pwned attack highlights a passkey implementation flaw, specifically that of WebAuthn in the registration and authentication process. The Passkey Pwned attack is not actually a cryptographic flaw, nor is it a criticism of the FIDO Alliance. This information was detailed in both the DEF CON presentation and technical blog.