
Insecure Recovery Methods in Passwordless Authentication

📰 1 unique sources, 1 articles

Summary


Adoption of passwordless authentication methods is increasing, but account recovery processes remain insecure. Researchers at Black Hat USA highlighted risks associated with using insecure communication channels like email and SMS for account recovery. These weaknesses can lead to account takeovers or permanent lockouts. Users and service providers must implement stronger recovery methods to mitigate these risks. Researchers tested 22 of the most visited websites and found design flaws, security policy weaknesses, and missing best practices in account recovery processes. They recommend using two-factor recovery options, strong session policies, and multifactor authentication to enhance security.

Timeline

  1. 11.08.2025 20:53 📰 1 articles

    Security flaws in account recovery processes identified at Black Hat USA

    Researchers at Black Hat USA presented findings on the security flaws in account recovery processes for passwordless authentication. They tested 22 of the most visited websites and identified design flaws, security policy weaknesses, and missing best practices. The study emphasized the need for stronger recovery methods to mitigate risks associated with insecure communication channels.


Information Snippets