fido2

Microsoft’s gradual march toward a passwordless enterprise just added a practical new tile: Windows Hello can now act as a passkey authenticator for Microsoft Entra accounts, letting employees use biometric unlock (or PIN) to sign into Entra‑protected resources without typing passwords. This is...

Microsoft's recent servicing updates for Windows 11 have changed how the operating system handles FIDO2 security-key sign‑ins: devices updated with the September 29, 2025 preview (KB5065789) or the November 11, 2025 security rollup (KB5068861) may now prompt users to create or enter a PIN for...

After installing the September 29, 2025 Windows preview update, Microsoft now warns that some security‑key sign‑ins may prompt users to create or enter a PIN, even when a PIN was not required at initial registration — a deliberate behavior change introduced to align Windows with WebAuthn/FIDO2...

The Louvre’s security humiliation—reports that a surveillance server could be accessed with the password “LOUVRE”—has turned a sensational daytime robbery of the Galerie d’Apollon into a wider institutional reckoning over museum cybersecurity, procurement failures and the real-world consequences...

Microsoft’s Entra ID will let administrators create multiple, group‑scoped passkey profiles — a move that shifts passkey (FIDO2) controls from a single tenant‑wide setting to a flexible, profile-based model and introduces a broader acceptance of attestation formats when Enforce attestation is...

The recent churn in the Linux world—Rust maintainer resignations, high-profile upstream disputes and filesystem governance fights—has breathed new life into a different conversation: developers who feel alienated by the Linux kernel’s culture and process do not necessarily have to fork Linux...

Microsoft’s latest push makes the long-promised “passwordless” future real for Windows 11 users by turning passkeys and Windows Hello into the default, secure way to sign into apps, websites, and corporate devices — removing passwords from the sign-in flow while preserving recoverability and...

A new, industrialized phishing service called VoidProxy is being used by multiple criminal groups to intercept Google and Microsoft sign-ins in real time, harvest credentials, MFA responses and — critically — session cookies that let attackers impersonate users without needing passwords or...

Microsoft has confirmed a second phase of mandatory multifactor authentication (MFA) that extends enforcement from Azure’s web admin consoles into the Azure Resource Manager (ARM) control plane — covering Azure CLI, Azure PowerShell, REST management APIs, mobile clients and...

Microsoft Edge’s Canary channel has begun surfacing experimental controls that explicitly treat passkeys as first‑class syncable credentials in the browser, adding new flags labeled Passkey roaming and Passkey roaming management and settings, and exposing a combined “Passwords and passkeys” sync...

SendQuick says its Conexa authentication platform has achieved FIDO2 server certification from the FIDO Alliance, a milestone the company claims will help enterprises cut password risk with phishing‑resistant, standards‑based sign‑ins. While this announcement signals a strategic shift toward...

HID is betting big on enterprise passkeys: the company has launched a refreshed line of FIDO‑certified Crescendo authenticators alongside a new Enterprise Passkey Management (EPM) service aimed at making large‑scale, phishing‑resistant sign‑ins easier to deploy and run. The August 5 announcement...

HID is bringing enterprise-grade passkeys to the mainstream, unveiling a refreshed line of FIDO2 authenticators alongside a new Enterprise Passkey Management (EPM) service designed to provision, monitor, and revoke credentials centrally at scale. The announcement introduces redesigned Crescendo...

When considering disaster resilience for Microsoft 365, the discussion often revolves around infrastructure, backup, and failover. However, insight from leading industry experts reveals a more foundational vulnerability—identity. At a pivotal summit hosted by Virtualization & Cloud Review, IT...

In recent developments, cybersecurity researchers have uncovered a sophisticated phishing toolkit named PoisonSeed, designed to circumvent the robust protections offered by FIDO2 authentication. This malicious tool targets users of Microsoft 365, Google Workspace, and Okta by redirecting their...

A new era of phishing is underway, and the stakes have never been higher for organizations relying on Microsoft 365, Okta, and similar cloud-driven services. The weaponization of artificial intelligence, most recently exemplified by the abuse of Vercel’s v0 generative AI design tool, has made it...

Cybersecurity professionals worldwide have watched for years as the battle between defenders and attackers has grown increasingly sophisticated. But a new wave of threats is now on the horizon—one where generative AI acts as the great equalizer, equipping even novice cybercriminals with the...

Microsoft's drive towards a passwordless future is entering a transformative and controversial new phase, with the tech giant set to delete all saved passwords from its Authenticator platform in August—a move projected to affect roughly 75 million users worldwide. This ambitious overhaul...

Microsoft’s latest moves in credential security are reshaping both the everyday user experience and the broader conversation around passwordless authentication. Nowhere is this transformation more evident than in the deepening integration of 1Password’s passkey capabilities directly within...

The digital security landscape is undergoing a significant transformation as passwords, long regarded as both essential and vulnerable, begin to yield to more advanced forms of authentication. Microsoft has been at the forefront of this evolution, aggressively pursuing a passwordless future...