Passkeys: voordelen en risico’s van deze nieuwe vorm van authenticatie

Passkeys: voordelen en risico’s van deze nieuwe vorm van authenticatie

Een toekomst zonder wachtwoorden komt steeds dichterbij dankzij passkeys. Grote platforms zoals Apple, Google, Amazon, eBay, Microsoft, PayPal, WhatsApp en TikTok ondersteunen deze vorm van authenticatie al.

Passkeys bieden zowel verbeterde beveiliging als gebruiksgemak, maar brengen ook aandachtspunten met zich mee.

Wat zijn passkeys?

Passkeys zijn een wachtwoordloze manier van inloggen. In plaats van een gebruikersnaam en wachtwoord bevestigt een gebruiker zijn identiteit met een hardware-authenticator, zoals een vingerafdruk of gezichtsherkenning, vergelijkbaar met het ontgrendelen van een smartphone.

Bij het gebruik van passkeys worden twee cryptografische sleutels aangemaakt:

• Publieke sleutel: opgeslagen door de website of applicatie
• Privésleutel: veilig opgeslagen op het apparaat van de gebruiker

Als de publieke sleutel uitlekt bij een datalek, is deze zonder de privésleutel onbruikbaar. Hierdoor zijn passkeys veiliger dan traditionele wachtwoorden.

Voordelen van passkeys ten opzichte van wachtwoorden

Passkeys bieden verschillende voordelen:

1. Niet te raden of te kraken
   Passkeys bestaan uit lange, willekeurige cryptografische sleutels.

2. Geen hergebruik van wachtwoorden
   Elke passkey is uniek per website of applicatie.

3. Bescherming tegen phishing
   Passkeys werken alleen op het domein waarvoor ze zijn aangemaakt en kunnen niet worden misbruikt op phishingpagina’s.

Daarnaast zorgen passkeys vaak voor een snellere en gebruiksvriendelijkere loginervaring, vooral op mobiele apparaten.

Wat zijn de risico’s van passkeys?

Hoewel passkeys in de basis veilig zijn, kunnen er risico’s ontstaan bij een onjuiste implementatie:

• Ontbrekende controle van cryptografische handtekeningen
  Dit kan impersonatie mogelijk maken.

• Origin confusion
  Gebruikers kunnen worden misleid om te authenticeren op een kwaadaardige website.

• Geen gebruikersverificatie
  Als aanwezigheid van de gebruiker niet wordt gecontroleerd, neemt de beveiliging af.

• Cross-site request forgery (CSRF)
  Ontbrekende bescherming kan leiden tot misbruik van authenticatieverzoeken.

• Onjuist gebruik van signature counters
  Hierdoor kunnen gekloonde authenticators onopgemerkt blijven.

Passkeys veilig implementeren

Passkeys zijn gebaseerd op moderne standaarden zoals WebAuthn. Deze standaarden zijn krachtig maar complex. Een zorgvuldige implementatie en grondige beveiligingstest zijn noodzakelijk om de voordelen volledig te benutten.

How exactly does a Passkey work?

For each website or application, two keys are created: a public key and a private key. You can think of this as a code consisting of letters and numbers. The public key is known to the website or app where you are logging in. The private key is linked to your personal device (such as your phone or laptop). The combination of these keys allows you to log in. If your public key gets exposed through a data breach, there’s no problem. Without your private key, a hacker can't do anything.

We will guide you through the advantages that Passkeys offer compared to traditional passwords. But, as you would expect from Computest Security, we will also discuss the potential risks of Passkeys in detail. More on this later.

Advantages of Passkeys compared to passwords

Passkeys offer several security advantages over traditional passwords. We have listed the most important ones for you:

1. Resistant to password guessing: Users often choose relatively short, easy-to-guess passwords. Something like Nameofchild123! or Streetnamehousenumber*… this happens more often than you think. Passkeys are so long that it’s impossible to guess them.
2. Prevents password reuse: Users often reuse the same passwords for different applications. This can happen to the best of us, but it’s certainly not ideal. This means that if one application is hacked, the attacker gains direct access to all applications where the same password is used. A Passkey prevents this danger.
3. Protection against phishing attacks: In a phishing attack, a user unintentionally enters their real password on a deceptive website created by a cybercriminal. This doesn’t work with Passkeys; the keys we mentioned earlier only work on the URL of the real app or website. This prevents phishing. Sounds much safer, doesn’t it?

Risks of passkeys

Thanks to these advantages, we expect that many organizations will soon support Passkeys. However, as with any innovation, there are also security risks involved. WebAuthn, the protocol on which Passkeys are based, is inherently very secure. But it must be correctly implemented by the supporting application. The protocol is complex and includes numerous checks that must be correctly performed. If this does not happen, it can lead to attacks where random, unsuspecting users' accounts can be accessed.

Let’s look at the risks of Passkeys:

• Missing signature check: Each authentication request contains data signed by a private key generated by the authenticator. This signature must be verified by the relying party. If this check is not performed, an attacker can log in as any user.
• Origin confusion: An attacker can invite a victim to visit a malicious relying party, say evil.com, and ask them to log in with the Passkey of the real relying party. The attacker can then forward the login attempt to the real website and log in as the user. To prevent this attack, a relying party must always check the Origin specified during the login attempt. Fortunately, this risk is minimized because correctly implemented authenticators also perform a double check on such attacks by verifying the Origin on their side.
• Missing checks for 'user presence' and 'user verification': With each authentication attempt, authenticators add flags for 'user presence' (is the user present during authentication) and 'user verification' (is the user verified, for example, via a PIN or fingerprint). Relying parties must verify the presence of both flags.
• Cross-site request forgery attacks: In this type of attack, an attacker tricks the victim’s browser into authenticating or registering on the attacker’s behalf. If this type of attack can be applied to the functionality of adding a new Passkey to an existing account, it can allow an attacker to take control of the user’s account. The attacker could then add their own Passkey to the victim’s account. WebAuthn is not designed to protect against such vulnerabilities by default, so it is important to implement separate protections against this type of attack.
• Missing counter check: To prevent the cloning of authenticators, authenticators send a signature counter that increments with each authorization request. If a relying party receives signature counters that do not increment (e.g., 17-11-18), it knows it is dealing with a cloned authenticator. Skipping this check makes it easier for attackers to use cloned authenticators.

Practical risks

Not only have we identified the risks associated with Passkeys, but we have also examined to what extent these problems actually occur in practice. We investigated five relying parties. During the investigation, we found one relying party vulnerable to Origin confusion, while three other parties did not correctly verify user presence and verification. We also encountered an application with a missing signature counter. Naturally, we informed the affected parties about the discovered vulnerabilities and provided solutions to resolve the identified issues.

Implementing Passkeys safely in your organization

We see a promising future where more and more organizations will use Passkeys. Are you curious if your organization is using Passkeys securely? At Computest Security, we can conduct a comprehensive security assessment to evaluate the safety of your implementation. Don’t hesitate to contact our WebAuthn specialists via our contact form more information or email [email protected].

Research in collaboration with a talented student

At DEFION Security, we encourage innovation in security technologies. In collaboration with academic institutions, we support research into new developments, such as Passkeys. Over the past six months, Peizhou Chen from the University of Twente has conducted his master’s thesis on this topic at DEFION Security under the supervision of Matthijs Melissen.

Dive deeper into the details

All information about the research is detailed in Peizhou Chen’s master’s thesis, available via this link.

At DEFION Security, we are proud of our collaboration with academic institutions to support research on current cybersecurity topics.