IAM glossary
Phishing-Resistant MFA
Concepts
Phishing-resistant MFA uses cryptographic methods bound to the legitimate site or device — FIDO2 security keys, passkeys, Windows Hello for Business, and certificate-based authentication. Unlike SMS codes or app prompts, the credential cannot be entered into a fake site or approved by mistake.
Why it matters
Attackers increasingly bypass app-based MFA with real-time phishing and MFA-fatigue prompts. Phishing-resistant methods close that gap and are the recommended target state for privileged and sensitive access.
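The origin binding described above, shown as an added example that is not part of the original page: a simulated authenticator, browser and relying party in Node.js, following the WebAuthn assertion layout (signature over authenticatorData plus the SHA-256 of clientDataJSON). The domains, function names and the simplified RP ID matching rule are assumptions made for illustration.

```javascript
// Added example: simulated parties; domains and the simplified RP ID rule are assumptions.
const nodeCrypto = require("node:crypto");
const sha256 = (d) => nodeCrypto.createHash("sha256").update(d).digest();
const RP_ID = "login.example.com";             // assumed relying-party ID
const RP_ORIGIN = "https://login.example.com"; // assumed legitimate origin

// Authenticator: one P-256 key pair, usable only for the RP ID it was created for.
function makeAuthenticator(rpId) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const sign = (challenge, origin, requestedRpId) => {
    if (requestedRpId !== rpId) return null; // no credential scoped to that RP ID
    const clientDataJSON = Buffer.from(JSON.stringify(
      { type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
    // authenticatorData = SHA-256(rpId) || flags (0x01 = user present) || 4-byte counter
    const authenticatorData = Buffer.concat([sha256(requestedRpId), Buffer.from([0x01]), Buffer.alloc(4)]);
    const signature = nodeCrypto.sign("sha256",
      Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
    return { clientDataJSON, authenticatorData, signature };
  };
  return { publicKey, sign };
}

// Browser: records the real page origin and refuses an RP ID the page's host does not fall under.
function browserGet(authenticator, pageOrigin, requestedRpId, challenge) {
  const host = new URL(pageOrigin).hostname;
  if (host !== requestedRpId && !host.endsWith("." + requestedRpId)) return null;
  return authenticator.sign(challenge, pageOrigin, requestedRpId);
}

// Relying party: checks the origin binding first, then the signature that covers it.
function verifyAssertion(a, expectedChallenge, publicKey) {
  if (!a) return "no-assertion";
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "bad-type";
  if (client.challenge !== expectedChallenge.toString("base64url")) return "bad-challenge";
  if (client.origin !== RP_ORIGIN) return "bad-origin";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return "bad-rp-id-hash";
  if ((a.authenticatorData[32] & 0x01) === 0) return "user-not-present";
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad-signature";
}

// Constructed scenarios: the genuine site, then a lookalike origin presenting the same challenge.
function demo() {
  const key = makeAuthenticator(RP_ID), challenge = nodeCrypto.randomBytes(32);
  const lookalike = "https://login.example.com.lookalike.test";
  const run = (origin, rpId) => verifyAssertion(browserGet(key, origin, rpId, challenge), challenge, key.publicKey);
  return { genuine: run(RP_ORIGIN, RP_ID), lookalike: run(lookalike, RP_ID) };
}
```

Because the origin is written by the browser and covered by the signature, an assertion obtained on any other origin either never exists or fails one of the relying party's checks, which is what a typed or tapped second factor cannot offer.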