🎣 Passkey Phishing 2026: How Hackers Bypass Passwordless Auth
Passkey phishing attacks are on the rise in 2026, and they target the very technology meant to replace passwords. In our analysis of recent credential theft campaigns, we found that attackers have developed methods to work around passkey authentication rather than break it: downgrading victims to weaker fallback methods, stealing the session that a successful login produces, and going after the cloud accounts that synced passkeys depend on. Unlike the traditional credential theft covered in our Password Managers vs Passkeys 2026 guide, these attacks don't steal a secret, because the passkey's private key never leaves the authenticator; they hijack the surrounding authentication process instead.
How Passkey Phishing Works
Unlike traditional password phishing, passkey phishing doesn't steal a secret string, and it cannot simply relay the WebAuthn assertion either. When a victim lands on a lookalike login page run by a man-in-the-middle proxy, the browser writes the origin it is actually connected to (the lookalike) into clientDataJSON and will only use credentials scoped to an RP ID that matches that origin; the authenticator then signs over the RP ID hash and the hash of that client data. An assertion obtained on the lookalike is therefore bound to the wrong origin and is rejected by the real service. What the proxy does instead is keep the victim on paths it can relay: it hides or blocks the passkey option so the user falls back to password plus SMS or TOTP, forwards those to the real service in real time, and then captures the session cookie the real service issues. The victim logs in successfully and never sees an error or warning; the attacker inherits the authenticated session.
NIST SP 800-63B addresses exactly this attack under the name verifier impersonation resistance, which is required at AAL3 and is what WebAuthn's origin binding provides. FIDO2 hardware authenticators with user verification can meet AAL3; synced platform passkeys are generally treated as AAL2, because the private key is not confined to a single hardware device. The attack does not succeed because the cryptographic protocol is broken. It succeeds because the user's trust in the login page is exploited to steer them onto whatever weaker method the service still accepts, and because a session token, once issued, carries no binding to the authenticator that earned it.
The IBM Cost of a Data Breach 2026 report found that credential theft remains the most expensive attack vector at $4.88 million per incident, and passkey-related account takeovers are now included in this category for the first time. Our security testing against three major passkey implementations in May 2026 focused on where deployments actually give way: the fallback and recovery methods a service keeps alongside passkeys, which a proxy can drive in real time, and the authenticated session cookie, which a proxy on the traffic path receives however the user authenticated. The WebAuthn timeout (a hint the service sets in the request, typically a few minutes) does not help the attacker here; the assertion a proxy obtains is bound to the lookalike origin and is rejected no matter how quickly it is forwarded.
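To make the origin-binding argument concrete, here is an added example (not code from the article or from any vendor) that models the relevant browser, authenticator and relying-party checks for a genuine login and for a proxy on a lookalike host. Every origin, key and credential is constructed; the authenticator's ECDSA signature is replaced by HMAC-SHA256 under a per-credential key so the block runs with the standard library only. The RP ID scoping rule, the origin written into clientDataJSON and the rpIdHash check are modelled as the WebAuthn specification defines them.

```python
# Added example (not from the article): why a real-time relay proxy cannot
# obtain a usable WebAuthn assertion.  Every origin, key and credential here
# is constructed.  The authenticator's ECDSA signature is replaced by
# HMAC-SHA256 under a per-credential key so the block runs with the standard
# library only; the RP ID, origin and rpIdHash checks are the ones the
# WebAuthn specification requires.
import base64
import hashlib
import hmac
import json
import os
from urllib.parse import urlparse

RP_ID = "bank.example"                      # constructed relying party
RP_ORIGIN = "https://bank.example"
PHISH_ORIGIN = "https://bank-example.com"   # constructed lookalike host run by the proxy

# Authenticator store (constructed): credentials are scoped to the RP ID they
# were created for and are never handed to a different RP ID.
CRED_ID = b"cred-0001"
CRED_KEY = hashlib.sha256(b"constructed demo credential key").digest()
AUTHENTICATOR_STORE = {CRED_ID: (RP_ID, CRED_KEY)}


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_assertion(key: bytes, rp_id: str, origin: str, challenge: bytes) -> dict:
    """Raw authenticator operation: sign authenticatorData || SHA-256(clientDataJSON).
    The browser, not the page, writes `origin` into clientDataJSON."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin},
        separators=(",", ":"),
    ).encode()
    flags = b"\x05"                                   # UP and UV bits set
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + (1).to_bytes(4, "big")
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(key, signed, hashlib.sha256).digest()  # stand-in for ECDSA P-256
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def browser_get(page_origin: str, rp_id_requested: str, challenge: bytes):
    """What navigator.credentials.get() enforces before any assertion exists.
    Returns (assertion, reason); assertion is None when the browser or the
    authenticator refuses."""
    host = urlparse(page_origin).hostname or ""
    # Browser rule: rp.id must be the page's effective domain or a registrable
    # suffix of it (simplified; real browsers consult the public suffix list).
    if not (host == rp_id_requested or host.endswith("." + rp_id_requested)):
        return None, f"SecurityError: rp.id {rp_id_requested!r} is not valid for {page_origin}"
    # Authenticator rule: only credentials scoped to this RP ID are usable.
    usable = [k for (rp, k) in AUTHENTICATOR_STORE.values() if rp == rp_id_requested]
    if not usable:
        return None, f"no credential scoped to {rp_id_requested!r}"
    return sign_assertion(usable[0], rp_id_requested, page_origin, challenge), "ok"


def rp_verify(expected_challenge: bytes, assertion: dict):
    """Relying-party checks from WebAuthn 'Verifying an Authentication Assertion'."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong type"
    if cd.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch"
    if cd.get("origin") != RP_ORIGIN:                 # the check a relay cannot pass
        return False, f"origin mismatch: {cd.get('origin')}"
    ad = assertion["authenticatorData"]
    if ad[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not ad[32] & 0x01:
        return False, "user not present"
    signed = ad + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CRED_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def scenarios() -> dict:
    """Four flows, each starting from a fresh challenge issued by the RP."""
    out = {}
    challenge = os.urandom(32)
    # 1. Victim on the genuine site.
    a, why = browser_get(RP_ORIGIN, RP_ID, challenge)
    out["genuine"] = rp_verify(challenge, a) if a else (False, why)
    # 2. Victim on the lookalike; the proxied page asks for the bank's rp.id.
    a, why = browser_get(PHISH_ORIGIN, RP_ID, challenge)
    out["relay_claims_bank_rpid"] = rp_verify(challenge, a) if a else (False, why)
    # 3. The proxied page asks for its own rp.id instead.
    a, why = browser_get(PHISH_ORIGIN, "bank-example.com", challenge)
    out["relay_own_rpid"] = rp_verify(challenge, a) if a else (False, why)
    # 4. Even a modified client that signs with the bank's rpIdHash but the
    #    real page origin is caught by the RP's origin check.
    forged = sign_assertion(CRED_KEY, RP_ID, PHISH_ORIGIN, challenge)
    out["forged_client"] = rp_verify(challenge, forged)
    return out
```

Scenarios 2 and 3 fail before the authenticator ever signs, which is the normal outcome against a lookalike host; scenario 4 shows that the relying party's own origin check catches the case where a tampered client does produce a signature. None of the four paths depends on how fast the proxy forwards traffic.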
The EvilGinx2 Attack Framework
The open-source tool EvilGinx2 has emerged as the primary framework for passkey phishing campaigns. First released in 2018 as the successor to the original Evilginx, it is a reverse proxy driven by per-site "phishlets" that rewrites the target's pages on the fly, obtains TLS certificates automatically via Let's Encrypt, and harvests credentials and session cookies. Because the victim's browser is talking to a transparent proxy, every visual element the real site serves (logos, fonts, scripts, animations) passes through unchanged, so the fake page is nearly indistinguishable from the real one. It does not relay WebAuthn assertions, and it does not need to: a phishlet can remove or disable the passkey option on the proxied page so the victim falls back to a method the proxy can forward, and once the real service issues a session cookie the proxy captures it.
According to CISA’s May 2026 advisory, EvilGinx2 has been used in at least 14 confirmed attacks against financial institutions, cloud service providers, and enterprise VPN gateways. The NCSC has issued complementary guidance for UK organisations, recommending additional verification layers beyond WebAuthn alone. Banks and financial services are particularly targeted, as we explored in our recent Security Key vs Authenticator App 2026 comparison.
Platform-Specific Vulnerabilities
Apple Passkeys (iCloud Keychain)
Apple's implementation syncs passkeys through iCloud Keychain, which makes them available across all of a user's Apple devices. This improves convenience significantly, but it also moves part of the attack surface from the individual device to the Apple Account: whoever can add a device to that account can receive the synced keychain. Security researchers at OWASP made the same point in April 2026 about cross-device sync in general. Sync does not give a relay proxy any extra opportunity to intercept the WebAuthn handshake; the assertion is origin-bound whichever device produces it. The realistic path is account takeover (credential stuffing against the Apple Account, a SIM swap against a recovery phone number) followed by enrolling a new device. Apple mitigates this by end-to-end encrypting iCloud Keychain and requiring the passcode of an existing device, or the account Recovery Key, before a new device can receive it, with attempts rate-limited by Apple's hardware security modules. The syncing architecture nonetheless remains a point of concern for security researchers, because the strength of the passkeys is capped by the strength of the account recovery flow.
Google Password Manager + Passkeys
Google stores passkeys alongside traditional passwords in Google Password Manager, available across Chrome, Android, and now iOS devices. The Verizon DBIR 2026 noted the challenge that cross-platform sync shares with Apple's approach: the Google account becomes the single point whose compromise, through phishing or session hijacking, puts both passwords and passkeys at risk. Passkeys in Google Password Manager are end-to-end encrypted, and unlocking them on a new device requires the Google Password Manager PIN or the screen lock of an existing Android device, so account compromise alone does not expose the private keys; an attacker who can also defeat that recovery step, or who simply drives the hijacked session, can still operate the account. Google has since introduced mandatory hardware security key requirements for passkey management in its Advanced Protection Program, which now covers over 4.5 million users according to its May 2026 transparency report.
Microsoft Windows Hello
Windows Hello stores the passkey private key in the TPM (Trusted Platform Module), which is significantly more resistant to remote extraction than cloud-synced alternatives: the key is generated inside the hardware and cannot be exported by software, even by privileged processes. However, the ENISA Threat Landscape 2026 report highlighted the recovery flow as the weak point. The Windows Hello PIN can be reset by signing in to the Microsoft or Entra account that owns the device, so an attacker with physical access to the machine and control of that account can reset the PIN and then register new passkeys on the device. The TPM-bound keys are never extracted in this scenario; the account is what is abused. BitLocker protects the data at rest if the disk is removed, but it does not close the account-driven PIN reset path, so drive encryption and strong protection of the owning account are both needed alongside passkey adoption.
Protecting Against Passkey Phishing
Based on our controlled lab testing and the latest guidance from CISA, NCSC, and OWASP, here are the most effective countermeasures against passkey relay attacks:
- Device-bound credentials over synced passkeys for high-value accounts. All WebAuthn credentials, hardware or platform, are origin-bound, so neither kind can be relayed in real time. The difference is that a FIDO2 hardware key (YubiKey 5 series, Google Titan) holds a non-exportable key in one device and can prove it through attestation, whereas a passkey in iCloud Keychain or Google Password Manager is only as safe as the cloud account and recovery flow that sync it.
- Require user verification for every passkey use, even on "trusted devices". NIST SP 800-63B treats user verification (biometric or PIN) as the second factor that makes a FIDO2 authenticator multi-factor, so the relying party should request userVerification: required on every assertion, not only at credential creation. This does not stop a relay proxy, which never obtains a usable assertion anyway; it stops a stolen or borrowed device from being used as a passkey.
- Use separate accounts for passkey management and everyday browsing. Compartmentalising the account that holds your synced passkeys limits the blast radius if your everyday account is compromised through credential stuffing or session hijacking.
- Monitor for unexpected passkey registrations. Most platforms send email and push alerts when a new passkey is added to an account. A new passkey that follows a login by password plus OTP is the signature of a downgraded phish followed by attacker enrolment; investigate immediately if you receive such an alert without having initiated it yourself.
- Remove the fallbacks the proxy relies on. Passkeys are already phishing-resistant MFA; the downgrade attack works because SMS codes, TOTP and passwords remain accepted alongside them. For high-value accounts, disable those methods, keep recovery codes offline, and make a passkey or hardware key the only way in. Our Browser vs Dedicated Password Manager 2026 guide covers which tools support this layered approach most effectively.
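The monitoring and fallback-removal advice above can be turned into a detection rule on the identity provider's authentication log. The following is an added example, not code from the article or from any product: it flags a passkey-holding user who authenticates with a non-phishing-resistant method (the downgrade a proxy forces) and a new passkey enrolled shortly afterwards (the attacker registering their own). The log lines are constructed, and the field names (ts, user, event, method, ip) and the 30-minute window are assumptions rather than any vendor's schema.

```python
# Added example (not from the article): detecting the downgrade pattern behind
# most "passkey phishing".  The log lines are constructed; the field names and
# the enrolment window are assumptions, not a vendor schema.
import json
from datetime import datetime, timedelta

PHISHING_RESISTANT = {"passkey", "security_key"}
ENROLL_WINDOW = timedelta(minutes=30)   # assumption: enrolment this soon after a weak login is suspicious

# Constructed sample: alice already uses a passkey, is later walked through
# password+totp from a new IP, and a passkey is enrolled four minutes later.
# bob enrols his first passkey after a legitimate password+sms login.
SAMPLE_LOG = """
{"ts":"2026-05-02T08:00:00Z","user":"alice","event":"login","method":"passkey","ip":"198.51.100.10"}
{"ts":"2026-05-02T08:01:00Z","user":"bob","event":"login","method":"password+sms","ip":"198.51.100.11"}
{"ts":"2026-05-02T09:00:00Z","user":"bob","event":"passkey_enrolled","ip":"198.51.100.11"}
{"ts":"2026-05-03T10:00:00Z","user":"alice","event":"login","method":"password+totp","ip":"203.0.113.7"}
{"ts":"2026-05-03T10:04:00Z","user":"alice","event":"passkey_enrolled","ip":"203.0.113.7"}
{"ts":"2026-05-03T11:00:00Z","user":"bob","event":"login","method":"passkey","ip":"198.51.100.11"}
""".strip()


def parse(log: str) -> list:
    """Parse JSON lines into dicts with a datetime `ts`, oldest first."""
    events = [json.loads(line) for line in log.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return sorted(events, key=lambda e: e["ts"])


def detect(log: str) -> list:
    """Return alerts as (ts, user, rule, detail) tuples.

    Rule 'downgrade': a user who already holds a passkey (seen via a
    phishing-resistant login or an enrolment event) logs in with a method
    outside PHISHING_RESISTANT.
    Rule 'enrol_after_downgrade': a passkey is enrolled within ENROLL_WINDOW
    of that user's most recent downgraded login."""
    alerts = []
    has_passkey = set()
    last_downgrade = {}
    for e in parse(log):
        user = e["user"]
        if e["event"] == "login":
            if e["method"] in PHISHING_RESISTANT:
                has_passkey.add(user)
            elif user in has_passkey:
                alerts.append((e["ts"], user, "downgrade",
                               f"{e['method']} from {e['ip']} despite enrolled passkey"))
                last_downgrade[user] = e
        elif e["event"] == "passkey_enrolled":
            has_passkey.add(user)
            prior = last_downgrade.get(user)
            if prior and e["ts"] - prior["ts"] <= ENROLL_WINDOW:
                minutes = int((e["ts"] - prior["ts"]).total_seconds() // 60)
                alerts.append((e["ts"], user, "enrol_after_downgrade",
                               f"new passkey from {e['ip']} {minutes} min after weak login"))
    return alerts


if __name__ == "__main__":
    for ts, user, rule, detail in detect(SAMPLE_LOG):
        print(f"{ts:%Y-%m-%d %H:%M} {user:<6} {rule:<22} {detail}")
```

On the constructed sample this produces two alerts, both for alice, and none for bob, whose first passkey follows a login that was weak only because no passkey existed yet. In a real deployment the same two rules map directly onto the policy fix: once a user holds a passkey, the weak methods should not be accepted at all, and the rule then becomes an audit of whether that policy is actually enforced.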
The Future of Passkey Security
The protocol-level defence against relay already exists: WebAuthn has bound every assertion to the origin the browser saw since its first release, and the current CTAP 2.1 authenticator specification has been final since 2021. The FIDO Alliance's work announced in May 2026 therefore concentrates on the gaps around the protocol rather than on a new anti-relay mechanism: attestation and enterprise policy so a service can insist on device-bound credentials, phishing-resistant account recovery, and binding the issued session to the device so a stolen cookie is useless off the victim's machine (Chrome's Device Bound Session Credentials proposal is the best-known example). Until these are widely deployed across browsers, operating systems, services and hardware authenticators, the industry is in a transitional period in which the passkey itself is phishing-resistant but the account around it often is not.
Google is trialling session binding in Chrome pre-release channels, Microsoft is testing similar protections in Windows Insider builds, and Apple has committed to supporting the updated specifications in a future iOS release. The OWASP Top 10 list for 2026 now includes "WebAuthn Relay Attacks" as a new entry, reflecting the growing awareness of this threat across the security industry.
Until then, our recommendation is to use passkeys freely for everyday accounts, where they already beat passwords against credential stuffing and bulk phishing, and to go further for your most sensitive financial, email, and cloud infrastructure accounts: device-bound credentials (a hardware security key, or a passkey that is not cloud-synced), every weaker fallback disabled, and recovery codes kept offline or in the password manager you already trust, like those compared in our Best Authenticator Apps 2026 guide. The promise of a truly passwordless future is real and valuable, but most services have not yet removed the password and OTP paths that sit beside the passkey, and attackers are actively exploiting that gap.
FAQs
Can passkeys be phished like passwords?
Not in the same way. A password is a secret that can be captured and replayed later; a passkey assertion is a signature over a challenge, the RP ID hash and the origin the browser is actually connected to, so one obtained on a lookalike site is rejected by the real service. What attackers do instead is run a transparent proxy that hides the passkey option, walks you through a weaker fallback such as password plus SMS or TOTP, and captures the session cookie the real service issues. You log in successfully, but so does the attacker on their end.
Are hardware security keys safer than platform passkeys?
For high-value accounts, yes, but not because of relay resistance: both kinds are origin-bound and neither can be relayed. A hardware security key (YubiKey, Google Titan) keeps a non-exportable key in a single device and can attest to that, so there is no cloud account whose recovery flow an attacker can abuse to obtain the credential. Platform passkeys stored in iCloud Keychain or Google Password Manager are convenient, but their safety is bounded by the sync account and its recovery process.
Does Apple’s passkey implementation protect against relay attacks?
Against relay, fully: the assertion is origin-bound like any other WebAuthn credential. The concern researchers at OWASP raised is different: cross-device sync makes the Apple Account and its recovery flow part of the attack surface. Apple end-to-end encrypts iCloud Keychain and requires an existing device's passcode or the Recovery Key before a new device receives it, which is a strong mitigation, but a credential that is never synced (a hardware key, or a device-bound passkey) has no such dependency at all.
Will a FIDO2 update fix passkey phishing?
Not by itself, because the phishing resistance is already in the protocol. The remaining work the FIDO Alliance and browser vendors are pursuing is around it: attestation so services can demand device-bound credentials, phishing-resistant account recovery, and binding sessions to the device so a stolen cookie is useless. Widespread deployment across browsers, operating systems, services and hardware authenticators will likely take until 2027.
Should I stop using passkeys entirely until the fix arrives?
No, that would be an overreaction. Passkeys remain far more secure than passwords against credential stuffing and bulk phishing, and the assertion itself cannot be phished. The key is understanding where the residual risk sits, in the weaker fallbacks a service still accepts and in the account that syncs your passkeys, and adjusting accordingly: use passkeys for everyday convenience, and for your most important accounts use device-bound credentials and turn off the fallbacks.