FIDO2 / WebAuthn
Open authentication standards (FIDO Alliance CTAP plus W3C WebAuthn) for phishing-resistant, passwordless authentication with roaming hardware security keys (YubiKey, Google Titan) or platform credentials (passkeys). The private key never leaves the authenticator, each credential is scoped to a relying-party ID, and the browser writes the requesting origin into the signed client data. A signature obtained on a lookalike domain therefore does not verify for the real site, which defeats credential phishing and real-time proxy attacks.
More from Identity & Access
Multi-Factor Authentication (MFA)
Authentication requiring two or more independent factors: something you know (password), something you have (device, hardware key), something you are (biometric). Phishing-resistant MFA (FIDO2/WebAuthn, passkeys) is the 2026 standard. SMS one-time codes are deprecated: they are defeated by SIM swapping and by real-time phishing proxies, and NIST SP 800-63B classes SMS out-of-band authentication as restricted. TOTP codes and push approvals can also be relayed by a phishing proxy, so they are not phishing-resistant either.
Passkey
A phishing-resistant credential based on the FIDO2/WebAuthn standards. The private key is held by an authenticator (platform secure hardware such as a TPM or Secure Enclave, a hardware key, or a credential manager that syncs the key between a user's devices) and is unlocked with a biometric or the device PIN. Because each passkey is bound to a relying-party ID and the browser only offers it on a matching origin, a lookalike site never receives a usable signature. Apple, Google, Microsoft, and most major password managers support passkeys.
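The origin binding described in the FIDO2/WebAuthn and Passkey entries is enforced by the relying party, not by the user. The following is an added example (not code from the original page or from any vendor named here) of the relying-party checks on a WebAuthn assertion: ceremony type, challenge, origin, rpIdHash, user-presence and user-verification flags, and the signature counter. The browser and authenticator sides are simulated with two small helpers; the relying-party ID `example.com`, the origin `https://example.com`, the challenge bytes, and the counter values are all constructed for the example. The final signature check over `authenticatorData || SHA-256(clientDataJSON)` with the stored public key is left to a crypto library and is not performed here; the function returns the exact byte string that signature must cover.

```python
import base64
import hashlib
import json
import struct

# Relying-party configuration (assumed values for this example).
RP_ID = "example.com"
EXPECTED_ORIGIN = "https://example.com"

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (biometric or PIN)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_client_data(origin: str, challenge: bytes) -> bytes:
    """Simulate the browser: it builds clientDataJSON itself, so a web page
    cannot lie about the origin it is running on."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url_encode(challenge),
                       "origin": origin}, separators=(",", ":")).encode()


def make_authenticator_data(rp_id: str, flags: int, counter: int) -> bytes:
    """Simulate the authenticator: rpIdHash (32) || flags (1) || signCount (4, big-endian)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", counter)


def verify_assertion(client_data_json: bytes, authenticator_data: bytes,
                     expected_challenge: bytes, last_counter: int,
                     rp_id: str = RP_ID, expected_origin: str = EXPECTED_ORIGIN,
                     require_uv: bool = True):
    """Relying-party checks from the WebAuthn assertion verification procedure, up to
    the signature step. Returns (ok, reason, signed_payload); signed_payload is what
    the credential's public key must verify the signature over (not done here)."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON", b""
    if not isinstance(cd, dict) or cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type", b""
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch", b""
    # Origin binding: the browser wrote this field, so a lookalike domain shows up here.
    if cd.get("origin") != expected_origin:
        return False, f"origin mismatch: {cd.get('origin')!r}", b""
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short", b""
    # RP ID binding: the authenticator scoped the credential to the site's RP ID.
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch", b""
    flags = authenticator_data[32]
    if not flags & FLAG_UP:
        return False, "user presence not asserted", b""
    if require_uv and not flags & FLAG_UV:
        return False, "user verification not asserted", b""
    counter = struct.unpack(">I", authenticator_data[33:37])[0]
    if counter != 0 and counter <= last_counter:
        return False, "signature counter did not advance (possible cloned authenticator)", b""
    signed_payload = authenticator_data + hashlib.sha256(client_data_json).digest()
    return True, "ok", signed_payload


def demo() -> dict:
    """Three constructed ceremonies: a legitimate login, a real-time phishing relay from
    a lookalike domain, and an assertion whose counter did not advance."""
    challenge = bytes(range(32))  # constructed; a real RP uses a fresh random challenge
    last_counter = 41
    legit = verify_assertion(make_client_data(EXPECTED_ORIGIN, challenge),
                             make_authenticator_data(RP_ID, FLAG_UP | FLAG_UV, 42),
                             challenge, last_counter)
    # The victim is on https://examp1e.com. The browser scopes the ceremony to that RP ID,
    # so even if the attacker relays the assertion to example.com at once, it is rejected.
    phished = verify_assertion(make_client_data("https://examp1e.com", challenge),
                               make_authenticator_data("examp1e.com", FLAG_UP | FLAG_UV, 42),
                               challenge, last_counter)
    stale = verify_assertion(make_client_data(EXPECTED_ORIGIN, challenge),
                             make_authenticator_data(RP_ID, FLAG_UP | FLAG_UV, 41),
                             challenge, last_counter)
    return {"legit": legit[:2], "phished": phished[:2], "stale_counter": stale[:2]}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The phished assertion fails twice over: the origin in clientDataJSON is the lookalike, and the rpIdHash is SHA-256 of the lookalike's RP ID, so relaying it to the real site is useless even when the attacker controls the TLS connection in the middle.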
Single Sign-On (SSO)
Authentication scheme letting users sign in once and access multiple applications without re-authenticating. Enterprise SSO typically uses SAML 2.0 or OIDC (OpenID Connect over OAuth 2.0). Primary identity providers: Okta, Microsoft Entra ID (formerly Azure AD), Google Workspace, Ping Identity.
OAuth 2.0 / 2.1
Authorization framework for delegated access: it lets an application act on resources on behalf of a user without the user handing that application their credentials. OAuth 2.1 (finalized 2026) consolidates the 2.0 best-practice guidance: PKCE is mandatory for every authorization-code grant, the implicit and resource-owner-password grants are removed, redirect URIs must match a registered value by exact string comparison, bearer tokens may not be carried in URL query strings, and refresh tokens issued to public clients must be sender-constrained or rotated on use.
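To make the OAuth 2.1 rules concrete, here is an added example (not code from the original page, and not any real authorization server's implementation) of a minimal in-memory authorization server that enforces exact redirect-URI matching, requires S256 PKCE on every authorization-code grant, and treats codes as single-use. The client ID `spa-client`, the redirect URI `https://app.example/callback`, and the token lifetime are assumed values; refusing the `plain` PKCE method is a policy choice stricter than RFC 7636, which still defines it. The demo walks through a legitimate flow, three malformed authorization requests, an authorization-code injection attempt by an attacker who captured the code but not the verifier, and a second redemption of a used code.

```python
import base64
import hashlib
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 code_verifier: high-entropy, 43..128 characters from the unreserved set."""
    return b64url(secrets.token_bytes(nbytes))  # 32 random bytes -> 43 characters


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), the S256 method."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Minimal in-memory authorization server, constructed for this example."""

    def __init__(self):
        self.clients = {}   # client_id -> frozenset of registered redirect URIs
        self.codes = {}     # authorization code -> pending grant record

    def register(self, client_id: str, redirect_uris) -> None:
        self.clients[client_id] = frozenset(redirect_uris)

    def authorize(self, client_id: str, redirect_uri: str, code_challenge: str,
                  code_challenge_method: str = "S256") -> str:
        # OAuth 2.1: redirect URIs are compared as exact strings, never by prefix or wildcard.
        if redirect_uri not in self.clients.get(client_id, frozenset()):
            raise ValueError("redirect_uri is not registered for this client")
        # PKCE is required on every code grant; this server accepts S256 only (policy choice).
        if code_challenge_method != "S256" or not code_challenge:
            raise ValueError("code_challenge with method S256 is required")
        code = b64url(secrets.token_bytes(24))
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "challenge": code_challenge}
        return code

    def token(self, client_id: str, code: str, redirect_uri: str, code_verifier: str) -> dict:
        record = self.codes.pop(code, None)  # pop: a code can be redeemed at most once
        if record is None:
            raise ValueError("unknown, expired, or already-used code")
        if record["client_id"] != client_id or record["redirect_uri"] != redirect_uri:
            raise ValueError("code was not issued to this client and redirect_uri")
        if not 43 <= len(code_verifier) <= 128:
            raise ValueError("code_verifier length out of range")
        # Constant-time comparison of the recomputed challenge with the one bound to the code.
        if not secrets.compare_digest(code_challenge_s256(code_verifier), record["challenge"]):
            raise ValueError("PKCE verification failed")
        return {"access_token": b64url(secrets.token_bytes(32)),
                "token_type": "Bearer", "expires_in": 600}


def _outcome(fn, *args) -> str:
    try:
        fn(*args)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"


def demo_flow() -> dict:
    srv = AuthorizationServer()
    srv.register("spa-client", ["https://app.example/callback"])
    cb = "https://app.example/callback"
    verifier = new_code_verifier()
    challenge = code_challenge_s256(verifier)
    results = {}
    # Redirect URI variants that a prefix or substring match would wrongly accept.
    results["redirect_query"] = _outcome(srv.authorize, "spa-client", cb + "?x=1", challenge)
    results["redirect_path"] = _outcome(srv.authorize, "spa-client", cb + "/../evil", challenge)
    results["no_pkce"] = _outcome(srv.authorize, "spa-client", cb, "")
    # Authorization-code injection: the attacker captured the code (for example from a
    # leaked redirect) but never saw the verifier, so redemption fails and the code burns.
    stolen = srv.authorize("spa-client", cb, challenge)
    results["stolen_code"] = _outcome(srv.token, "spa-client", stolen, cb, new_code_verifier())
    # Legitimate client redeems its own code with the matching verifier, exactly once.
    code = srv.authorize("spa-client", cb, challenge)
    results["legit"] = _outcome(srv.token, "spa-client", code, cb, verifier)
    results["reuse"] = _outcome(srv.token, "spa-client", code, cb, verifier)
    return results


if __name__ == "__main__":
    for name, outcome in demo_flow().items():
        print(f"{name}: {outcome}")
```

Note that the code is consumed on the failed injection attempt as well as on success: failing closed there is what keeps a captured code from being retried until a verifier guess lands, and it is why OAuth 2.1 pairs PKCE with single-use codes rather than relying on either alone.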
Zero Trust
Security model where no implicit trust is granted based on network location. Every request is authenticated and authorized per-resource with continuous verification of identity, device, and context. Defined in NIST SP 800-207. ZTNA (Zero Trust Network Access) is the product category that replaces traditional VPNs.
Privileged Access Management (PAM)
Controls and tools for managing privileged accounts (admins, service accounts, break-glass). Includes credential vaulting, session recording, just-in-time elevation, and audit logging. Major vendors: CyberArk, Delinea, BeyondTrust.
Apply this to your environment
Our engagements address concepts like FIDO2 / WebAuthn in practice: not just definitions, but how the attack patterns apply to your stack and how to remediate.
