WebAuthn

SDK provides WebAuthn for Nextcloud

To provide a passwordless experience on Android, we teamed up with Portknox and Nextcloud's Android developers and integrated our SDK in Nextcloud's Android app 3.14.0.

PIN Bypass in Passwordless WebAuthn on microsoft.com and Nextcloud

We were able to bypass the PIN authentication when logging into microsoft.com. This breakes the assumption of requiring two factors and allows an attacker to log into the victim's account by using only the security key. If the security key supports NFC, the attacker could sneak up on the victim and log in without getting noticed.