Skip to main content

Your Users Have Passkeys and Still Got Breached: The Pass-the-Cookie Gap in Phishing-Resistant MFA

Nick Ross6 min read

TL;DR

  • Passkeys and FIDO2 keys are phishing-resistant, but they do not protect a session token after it is issued, which is why pass-the-cookie attacks bypass them entirely.
  • In a real consulting case, an organization using phishing-resistant MFA still lost $530,000 to a fraudulent wire after a pass-the-cookie compromise.
  • Stolen Microsoft session cookies replayed from the attacker's browser sign in as the user without ever touching the MFA method, since the authentication already happened.
  • Requiring a compliant or managed device through Conditional Access blocks a replayed session token from an attacker's unmanaged machine, the single most effective control against this attack.
  • Strict continuous access evaluation with trusted locations and the preview token protection session control are the strongest session-bound defenses, though token protection did not yet cover web cookies as of June 2024.

Passkeys are among the strongest MFA you can roll out, and we have made the case before for treating phishing-resistant methods as the goal. Few organizations are mature enough to have deployed them broadly yet, but here is the uncomfortable part for the ones that have: a user protected by a YubiKey or passkey can still be fully compromised in Microsoft 365. We have seen it firsthand. One organization we consulted with wired $530,000 to a fraudulent bank account after multiple users were compromised, every one of them behind strong MFA. This post walks through how that happens and the native Microsoft 365 protections that close the gap.

What is the attack, in one sentence?

It starts with a pass-the-cookie attack, also called cookie hijacking. Most websites store a session cookie when a user signs in, and Microsoft is no exception. Microsoft's default session lifetime is one hour, after which continuous access evaluation (opens in new tab) can re-evaluate and extend the session under certain conditions. Cookie hijacking has existed for years across every kind of site; what follows is how it plays out specifically against a Microsoft account protected by phishing-resistant MFA.

Stage one: the initial compromise

Diagram of the initial user compromise via cookie theft from a personal device

The setup, working through the diagram:

  • Assume the organization has done the right thing and set users up with phishing-resistant MFA. Our example user logs into Microsoft with a YubiKey.
  • That user can still reach their Microsoft account from a personal device. That device is not managed by the MSP and carries the usual weaknesses: out-of-date hardware, missing patches, no antivirus or substandard antivirus.

A note before going further: the personal-device framing does not mean this is impossible on a managed machine. The likelihood is simply higher on personal devices.

  • When the user signs in, they authenticate with the YubiKey and the session cookie lands in the browser.
  • The attacker's method for initial access varies, but a popular one is a malicious link in email. Say the company uses Workday for HR and the attacker sends an automated-looking message: "We need you to approve Jane's time-off request, click this link." After the click, malware deploys to the device.
  • With the malware running, the attacker remotely extracts cookies from a browser like Chrome. Taking the Microsoft session cookie, they insert it into a browser on their own device and refresh the page to sign in as the user automatically. The user is now compromised, and the passkey was never challenged, because authentication already happened on the victim's machine.

Stage two: locking in persistence

Diagram of attacker establishing persistence after initial compromise

The stolen session token is good for only an hour, and CAE is likely to terminate it once it sees a new IP. The attacker knows this and moves to keep access:

  • Join a device to the tenant so it appears to be a trusted device on the network
  • Add a secondary MFA method so they can re-authenticate and keep the session alive

From there the attacker's next moves depend on the goal. In this case the objective was moving money, which meant compromising additional users or running reconnaissance to find who handles payments.

Stage three: moving the money

Diagram of the funds movement stage of the business email compromise

With a plan in place, the attacker cleans the inbox to hide the initial attack and creates inbox rules to stay invisible, often correlated to the additional users they intend to target. Those rules quietly move messages to archive or mark them read, so the campaign runs without the legitimate user noticing.

Then comes the payload: the attacker reaches out to multiple contacts claiming a supplier updated their bank details for regular ACH payments, collecting the change by email or through a fake "update" page. The money goes to the fraudulent account.

Stage by stage: how Microsoft 365 closes each gap

Now walk the same attack again with the defenses in place. Keep in mind that most of these are not on by default.

Initial compromise diagram revisited with layered protections applied

Lock down the device, not just the login

  • Passkeys already give us a strong MFA method, so authentication is well protected.
  • Users should be prevented from accessing corporate data on personal devices. Where that is not feasible, require the device to be enrolled in Intune with baseline requirements (minimum OS, AV installed, and so on), which sharply reduces the chance of malware in the first place. Requiring device compliance through Conditional Access adds the decisive layer: a session token replayed from the attacker's own device fails the compliance check and is blocked.
Conditional Access policy requiring a compliant device

Shorten or bind the session

Conditional Access session control options

Catch the malicious email and the malicious file

Defender for Office 365 phishing and link protection settings
Microsoft Defender antivirus policy configured through Intune

Bind the session to a trusted location with strict CAE

Strict CAE configuration with trusted locations
Token protection session control in Conditional Access preview

Let identity protection flag the anomaly

Identity Protection diagram in the attack walkthrough
  • Outside the session itself, Entra's native Identity Protection (opens in new tab) may flag the new session as suspicious based on its IP. With Entra ID P2, Identity Protection policies can automatically block the user, and this also feeds CAE's native protections.
Entra Identity Protection risk detection settings

Current CAE near real-time detections:

CAE near real-time detection list

Block the persistence moves

Persistence stage diagram revisited with protections
  • To counter the device join, add a Conditional Access policy that requires MFA to register a device in Entra. Because this user uses passkeys, the attacker cannot fulfill a fresh MFA prompt to join the device. To block a second MFA method being added, use the same User Actions (opens in new tab) setting in Conditional Access to require a trusted IP, trusted device, and/or another MFA fulfillment.
Conditional Access User Actions policy for device registration and security info
  • Configure the authentication methods policy (opens in new tab) to prevent other MFA forms from being added. If only FIDO2 keys are allowed, the attacker cannot add Authenticator, OTP, or SMS/email as a second factor. And with passkeys, the attacker never harvested the username and password in the first place, since the session token did not contain them; a man-in-the-middle attack would have, which is the difference.
Authentication methods policy restricted to FIDO2 keys

Detect the inbox rules and the campaign

Funds movement stage diagram revisited with protections
  • Many of us have set a transport rule in Exchange Online to block automatic forwarding to external domains, a hardening recommendation for years. It does not cover the evasion tactics here, where rules mark messages read or move them to archive. Defender for Office 365 has native alerting for suspicious inbox rules (opens in new tab). These alerts go to tenant admins by default; route them into your ticketing system for investigation instead.
Defender for Office 365 suspicious inbox rule alert policy
Suspicious inbox manipulation rule alert detail
Defender for Cloud Apps suspicious inbox manipulation detection
  • Because the campaign may originate from an internal, legitimate user, native email protections may not catch the attacker emailing colleagues. This is where security awareness training carries weight: anything touching financial information should register as alarming, and that instinct is reinforced through automated and manual training.

The takeaway

Phishing-resistant MFA is necessary and not sufficient. It protects the moment of authentication and does nothing for the session token afterward, so the defenses that matter against pass-the-cookie are the ones that bind the session to a known device and location, limit what a compromised account can do next, and alert you when the quiet persistence work begins. Business Premium remains a capable platform for stopping these attacks, provided the controls are actually turned on.

Frequently asked questions

If passkeys are phishing-resistant, how does an attacker still get in?

Phishing resistance protects the act of authenticating. Once the user authenticates, Microsoft issues a session cookie, and malware on the device can steal that cookie and replay it from the attacker's browser. The passkey is never involved in the replay because authentication already completed.

What is the single most effective control against pass-the-cookie?

Requiring a compliant or managed device via Conditional Access. A session token replayed from an attacker's unmanaged machine fails the device check, so the stolen cookie is useless off the original device.

Does Conditional Access token protection stop this attack today?

Not fully as of June 2024. The token protection session control was in preview and protected Windows native client refresh tokens, not the web cookies central to this attack. Strict CAE with trusted locations was the stronger session-bound option at the time.

Find the session-theft gaps before an attacker does

Compliant-device enforcement, CAE, app consent limits, inbox-rule alerting: CloudCapsule checks whether each is actually live across every tenant you manage, against 250+ CIS-mapped controls in 60 seconds.

Run a free assessment
Nick Ross

Written by

Nick Ross

CEO · Microsoft MVP · Founder, T-Minus 365

Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.

Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.

Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.

Keep reading