According to NIST Special Publication DRAFT 800-63-B4, a phishing-resistant authenticator offers “the ability of the authentication protocol to detect and prevent disclosure of authentication secrets and valid authenticator outputs to an impostor relying party without reliance on the vigilance of the subscriber.” Two examples of phishing-resistant authenticators are PIV cards for US Federal employees and FIDO authenticators paired with W3C’s Web Authentication API for the private sector.
More FIDO in the News
CNET: World Password Day: We’re closer to ditching this crackable tech
Passkeys promise to be a big help, but until they take hold, we all need…
The Washington Post: Microsoft is changing how you log in to your accounts
Microsoft 365, Copilot and Skype accounts can use “passkeys”, which are more secure than passwords.
Verdict: OneSpan: Partner Ecosystem Profile
The company’s various solutions include regulatory compliance, PSD2 compliance, FIDO standard, fraud prevention, mobile app…
