Hackers have found a way to steal login credentials even for accounts protected with Fast IDentity Online (FIDO) physical keys. It revolves around a fallback built into these multi-factor authentication (MFA) solutions, and it only works in certain scenarios. FIDO keys are small physical or software authenticators that use cryptographic technology to log users into websites and apps securely. They serve as a multi-factor authenticator, preventing cybercriminals who have already obtained login credentials from accessing the targeted accounts. To use the authenticator, users usually need to physically interact with the device. In some scenarios, however, there is a replacement mechanism: scanning a QR code. Criminals have started using this fallback in so-called adversary-in-the-middle (AitM) attacks. Which way is safe for humans?
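The article describes the attack only at a high level. The following is an added example, not code from the article or from any FIDO vendor, showing the two defender-side controls a relying party has: verifying that a WebAuthn assertion was produced for its own origin and its own challenge (the origin binding that defeats ordinary AitM relays), and an assumed policy that refuses the QR-code-initiated cross-device flow (the WebAuthn `hybrid` transport) for accounts marked high-risk, forcing the user back to a physically attached key. The relying-party origin `https://login.example`, the lookalike origin, the challenge value and the high-risk policy are all constructed assumptions for the demonstration.

```python
import base64
import hmac
import json
import secrets

# Assumed relying-party origin and the transports we treat as "the user touched the key".
# "usb", "nfc", "internal" and "hybrid" are real WebAuthn AuthenticatorTransport values;
# "hybrid" is the cross-device flow that begins by scanning a QR code with a phone.
RP_ORIGIN = "https://login.example"
DIRECT_TRANSPORTS = {"usb", "nfc", "internal"}


def new_challenge() -> str:
    """Fresh per-ceremony challenge, base64url without padding as browsers echo it back."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()


def verify_client_data(client_data_json: bytes, expected_challenge: str,
                       expected_origin: str = RP_ORIGIN) -> tuple[bool, str]:
    """Check the clientDataJSON of an authentication assertion.

    A browser fills in `origin` from the page that called navigator.credentials.get(),
    so an assertion collected on a lookalike site carries the lookalike's origin and
    is rejected here even though the key itself signed it.
    """
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if cd.get("type") != "webauthn.get":
        return False, f"unexpected ceremony type {cd.get('type')!r}"
    challenge = cd.get("challenge", "")
    if not hmac.compare_digest(challenge.encode(), expected_challenge.encode()):
        return False, "challenge mismatch (replayed or foreign assertion)"
    if cd.get("origin") != expected_origin:
        return False, f"origin mismatch: assertion made for {cd.get('origin')!r}"
    return True, "ok"


def transport_allowed(transports, high_risk: bool) -> bool:
    """Assumed policy: high-risk accounts must authenticate with a directly attached key.

    The QR-code (hybrid) fallback is refused for them, so an attacker cannot steer
    the user into that flow; ordinary accounts keep the fallback for usability.
    """
    if not high_risk:
        return True
    return any(t in DIRECT_TRANSPORTS for t in transports)


# Constructed sample data: one challenge issued by the relying party, one assertion
# produced on the real site, one produced on a lookalike site relaying the same challenge.
ISSUED_CHALLENGE = "dGhpcy1pcy1hLWNvbnN0cnVjdGVkLWNoYWxsZW5nZQ"
LEGIT_CLIENT_DATA = json.dumps({
    "type": "webauthn.get", "challenge": ISSUED_CHALLENGE, "origin": RP_ORIGIN,
}).encode()
PHISHED_CLIENT_DATA = json.dumps({
    "type": "webauthn.get", "challenge": ISSUED_CHALLENGE, "origin": "https://login-example.test",
}).encode()


def run_demo() -> dict:
    """Evaluate the constructed samples and return the outcomes."""
    return {
        "legit": verify_client_data(LEGIT_CLIENT_DATA, ISSUED_CHALLENGE),
        "phished": verify_client_data(PHISHED_CLIENT_DATA, ISSUED_CHALLENGE),
        "hybrid_high_risk": transport_allowed(["hybrid"], high_risk=True),
        "hybrid_normal": transport_allowed(["hybrid"], high_risk=False),
        "usb_high_risk": transport_allowed(["usb"], high_risk=True),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The origin check is what the WebAuthn specification already requires of every relying party; the transport policy is the added operational choice, and it is only a signal (transports are self-reported at registration), so it complements rather than replaces monitoring of sign-in origins and challenge reuse.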

