A new website is tracking which major companies have adopted passkeys, revealing that 24% of the world's most popular websites still lack support for the passwordless authentication method.
Passkeys represent a significant security advancement over traditional passwords, using cryptographic technology to eliminate phishing vulnerabilities and credential theft risks.
The tracking site highlights a persistent gap in adoption among major platforms. Despite growing industry support from tech leaders including Google, Apple, and Microsoft, roughly one in four top websites have not yet implemented passkey functionality.
Passkeys work by replacing passwords with biometric verification or device-based authentication, making them considerably more difficult to compromise than conventional login methods. Security experts have consistently recommended the shift away from password-based systems.
The naming and shaming approach aims to accelerate adoption by creating public accountability. As more services integrate passkey support, the security infrastructure for online accounts strengthens across the board. Users currently face a fragmented landscape where passkey availability varies significantly between platforms, limiting the practical benefits of the technology for everyday authentication.
The FCC is considering requiring identification for prepaid phone purchases, a shift that would eliminate anonymous phone use. Privacy advocates and domestic violence organizations are opposing the plan.
A malicious Microsoft Edge extension called 'Edgecution' has been exploited to bypass browser security and install a Python-based backdoor. The attack demonstrates how native messaging can serve as a bridge from browser extensions to system-level malware.
Law enforcement agencies worldwide have simultaneously disrupted two widely used cybercrime platforms in a coordinated operation dubbed "Operation Endgame," striking at the infrastructure supporting criminal activity online.
Mandiant has detailed how attackers exploited a Cisco Catalyst SD-WAN vulnerability (CVE-2026-20245) in zero-day attacks to gain root access and establish rogue administrator accounts on compromised devices.