According to NIST Special Publication DRAFT 800-63-B4, a phishing-resistant authenticator offers “the ability of the authentication protocol to detect and prevent disclosure of authentication secrets and valid authenticator outputs to an impostor relying party without reliance on the vigilance of the subscriber.” Two examples of phishing-resistant authenticators are PIV cards for US Federal employees and FIDO authenticators paired with W3C’s Web Authentication API for the private sector.
MORE FIDO in the News
Journal du Net: Digital accessibility: Why CIOs should make it a priority
In this byline, Andrew Shikiar explains how simple and safe...March 23, 2023
L’Eclaireur FNAC: How password managers are preparing for a future … without passwords
Passwordless authentication has the potential to continue to grow in...
ComputerWeekly: Accessible authentication: What companies need to consider
In this byline, Andrew Shikiar, executive director and CMO of...
Communications of the ACM: Passkeys unlock a new era for authentication
Until recently, replacing passwords has ranked somewhere between tricky and...