1 comment

[ 1.7 ms ] story [ 9.1 ms ] thread
We developed FIDO MFA via Standard Browser for applications without WebAuthn Support.

Only if we enforce FIDO-only MFA and block legacy authentication via SMS, Call and Authenticator App we are truly phishing-resistant.

WebAuthn is a requirement, but not always available. Some legacy Apps use WebViews without Webauthn support.

Detached FIDO Authentication is the answer.

We are looking forward to your feedback and hopefully improvement ideas.