Phishing-Resistant MFA for Apps Without WebAuthn-Support (Fido). Enjoy (denniskniep.github.io) 2 points by treesgrowslow 3y ago ↗ HN
[–] treesgrowslow 3y ago ↗ We developed FIDO MFA via Standard Browser for applications without WebAuthn Support.Only if we enforce FIDO-only MFA and block legacy authentication via SMS, Call and Authenticator App we are truly phishing-resistant.WebAuthn is a requirement, but not always available. Some legacy Apps use WebViews without Webauthn support.Detached FIDO Authentication is the answer.We are looking forward to your feedback and hopefully improvement ideas.
1 comment
[ 1.7 ms ] story [ 9.1 ms ] threadOnly if we enforce FIDO-only MFA and block legacy authentication via SMS, Call and Authenticator App we are truly phishing-resistant.
WebAuthn is a requirement, but not always available. Some legacy Apps use WebViews without Webauthn support.
Detached FIDO Authentication is the answer.
We are looking forward to your feedback and hopefully improvement ideas.