Phish-resistant: FIDO Passkey
What are FIDO passkeys?
FIDO (Fast Identity Online) passkeys are a type of authentication method that follows the FIDO open authentication standards, which are designed to enhance online security using public-private key cryptography.
FIDO passkeys can take many forms, such as a hardware security key, a passkey registered to a website on your browser, or even a smartphone with built-in biometric capabilities.
Why are FIDO passkeys considered phish-resistant?
FIDO passkeys are considered phish-resistant because of the cryptographic protocols used during authentication challenges. Passkeys must also be registered with the authenticating service, ensuring they only respond to requests from approved domains.
The FIDO open standards were fundamentally designed with phishing resistance in mind, ensuring that sensitive data is never leaked in the authentication process and eliminating shared secrets.
Should my organization implement FIDO passkeys?
Yes, FIDO passkeys are phish-resistant and should be a component of a multi-factor authentication system, complemented by other phish-resistant factors.
However, it's important to consider how FIDO passkeys are implemented. Your organization can choose to implement them in-house or opt for a solution that adheres to FIDO standards.
Beyond Identity is a FIDO2 board member, and our phish-resistant MFA platform is FIDO2 certified. We are dedicated to upholding these industry standards and placing security at the forefront of our design.