According to NIST Special Publication DRAFT 800-63-B4, a phishing-resistant authenticator offers “the ability of the authentication protocol to detect and prevent disclosure of authentication secrets and valid authenticator outputs to an impostor relying party without reliance on the vigilance of the subscriber.” Two examples of phishing-resistant authenticators are PIV cards for US Federal employees and FIDO authenticators paired with W3C’s Web Authentication API for the private sector.
-
About The AllianceAlliance MembershipSpecifications
-
FIDO User Authentication
-
FIDO Device Onboard
-
FIDO CertificationsFind Certified ProductsFIDO Accredited LaboratoriesAdministrative
-
Discover FIDO
-
Latest Updates
More FIDO in the News
Biometric Update: It’s World Passkey Day, actually: trust, adoption grows for FIDO credential
World Password Day is no longer. The annual day to promote secure password practices has…
PC Mag: RIP Passwords: Microsoft Moves to Passkeys as the Default on New Accounts
Anyone setting up a new Microsoft account will soon find they’re encouraged to use a passkey during…
The Verge: Microsoft goes passwordless by default on new accounts
After supporting passwordless Windows logins for years and even allowing users to delete passwords from their accounts, Microsoft…
