Passkeys in Interpersonal Threat Models: Abusability Analysis of Early Deployments
Passkeys in Interpersonal Threat Models: Abusability Analysis of Early Deployments
These are the UI stepthrough protocols accompanying our paper: "Passkeys in Interpersonal Threat Models: Abusability Analysis of Early Deployments". We compile all stepthroughs in multiple Excel sheets corresponding to the "abuse vectors" mentioned in our paper. Each Excel sheet contains a Readme file clarifying the client-side configurations and a high-level description of what the tasks assigned to the analyst were in order to realize an abuse vector and carry out an attack. For the gaslighting abuse vector, please refer to our paper where we include a summary of all account security interfaces (ASIs) across all the services studied and their spoofability (Figure 4). Each row in the sheet corresponds to a service and all interfaces shown are that of the service. We only include services for which an abuse vector applies. For example, the adversarial passkeys abuse vector requires that a service supports multiple passkeys per user account, thus we exclude all services for which only a single passkey per account is supported.
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).0 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Average influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average
Citations provided by BIP!Popularity provided by BIP!