This white paper is part of a three-part series on preventing phishing attacks through passkey deployment:

  • Part 1: Overview – Introduces the concepts of a passkey journey toward phishing prevention.
  • Part 2: Partial prevention – Details strategies for enforcing passkeys in specific scenarios.
  • Part 3: Full prevention – Explains how to achieve comprehensive phishing resistance.

Making your services phishing-resistant takes more than one day because you are not just adopting a new phishing-resistant authentication method. It is a journey with multiple stages where you improve security by strengthening account login and recovery processes. This paper outlines the passkey journey and defines the authentication and recovery requirements for each stage.

Audience

Relying parties and developers who want to protect their applications from phishing attacks by adopting passkeys.

You can read the white papers on Passkey Central or use the following buttons to download PDF versions.

Part 1: Overview

Introduces the concepts of a passkey
journey toward phishing prevention.

Part 2: Partial Prevention

Details strategies for enforcing passkeys
in specific scenarios.

Part 3: Full Prevention

Explains how to achieve comprehensive
phishing resistance.