Visit
Visit
By Grace Stanley

A new study reveals that passkeys — widely promoted as a safer login method compared with passwords — may unintentionally expose users to serious risks in situations involving interpersonal abuse. The research introduces the first framework for analyzing how digital authentication tools can be exploited in contexts such as intimate partner violence, elder abuse and human trafficking.

The study was presented Aug. 15 at the 2025 USENIX Security Symposium in Seattle. The research was led by Ph.D. candidates Alaa Daffalla and Arkaprabha Bhattacharya; Thomas Ristenpart, professor at Cornell Tech and the Cornell Ann S. Bowers College of Computing and Information Science; Nicola Dell, associate professor at Cornell Tech; and researchers at New York University and the University of Wisconsin, Madison.

“As new authentication mechanisms are rolled out by tech companies, it’s crucial to consider how they might be exploited to enable interpersonal abuse,” said Dell, who is also affiliated with Cornell Bowers. “Our goal in this study is to discover how passkeys might be abused, with the hope of helping to make passkeys safer for everyone in the future.”

Read more in the Cornell Chronicle.

Grace Stanley is the staff writer-editor for Cornell Tech.

< Back to News

Media Highlights

Bloomberg Law

Ripple Ruling Blurs Definition of Cryptocurrencies as Securities

Mental Daily

Study Takes A Closer Look At NYPD Patrol Patterns Using Dashcam Footage

Tech Policy Press

Content Moderation, Encryption, and the Law

Princeton University

Tech Expert Arvind Narayanan Takes the Helm at Princeton Center for Information Technology Policy

Marktechpost

A New AI Research from Stanford, Cornell, and Oxford Introduces a Generative Model that Discovers Object Intrinsics from Just a Few Instances in a Single Image

RELATED STORIES