By NHI Mgmt Group Editorial Team
Published 2025-06-18
Domain: Best Practices
Source: OneSpan

TL;DR: FIDO Alliance seminar takeaways reinforce that phishing proxies, adversary-in-the-middle attacks, and social engineering are eroding the value of traditional MFA, while passkeys and hardware-backed FIDO credentials reduce interception risk, according to OneSpan’s recap of the event. Authentication programmes now need to treat phishing-resistant methods as the default, not an enhancement, because the old trust model is breaking under modern attack pressure.


At a glance

What this is: OneSpan’s recap of the FIDO Alliance seminar, arguing that passwordless, phishing-resistant authentication should replace legacy MFA assumptions.

Why it matters: IAM teams need to harden both workforce and customer authentication while also planning for AI-amplified impersonation and access abuse.



Context

Phishing-resistant authentication is the security model in which a login method cannot be easily replayed, proxied, or stolen through shared secrets. The article argues that as phishing proxies, real-time adversary-in-the-middle attacks, and social engineering improve, legacy MFA is no longer enough for identity programmes that still rely on interceptable factors.

For IAM teams, the practical issue is not whether passkeys are fashionable. It is whether authentication can still stand up to modern credential theft across workforce, customer, and partner access paths, especially as AI lowers the cost of attack scale and impersonation.


Key questions

Q: How should security teams roll out passkeys without disrupting existing identity programmes?

A: Start with the highest-risk populations first, especially administrators, help-desk teams, and users who face frequent phishing attempts. Preserve fallback methods only where needed, but set a clear migration path away from reusable secrets. The goal is to reduce the number of login journeys that can be proxied or replayed while keeping adoption simple enough that users actually switch.

Q: Why do phishing-resistant authenticators matter more than legacy MFA?

A: Legacy MFA often adds a second step without changing the trust model, so attackers can still relay or intercept the login flow. Phishing-resistant authenticators bind the credential to a device or cryptographic challenge, which removes the shared secret the attacker is trying to steal. That makes the control materially harder to bypass in real-time attacks.

Q: What do IAM teams get wrong about authentication and AI risk?

A: Many teams treat AI as a separate topic from identity, when in practice AI increases both impersonation risk and the need for stronger authorization. Deepfakes, synthetic support interactions, and automated attack scale all pressure identity controls at the same time. Governance works better when authentication, authorization, and fraud response are designed together.

Q: Which frameworks should guide phishing-resistant authentication decisions?

A: NIST SP 800-63 is the clearest fit for authentication assurance and phishing-resistant methods, while the NIST Cybersecurity Framework 2.0 helps place those controls inside a broader governance model. If AI-mediated identity risk is in scope, teams should also align with AI governance processes so access decisions and model usage are controlled together.


Technical breakdown

Why legacy MFA fails against phishing proxies

Traditional MFA often assumes that a second factor adds meaningful assurance because the attacker cannot easily see or reuse it. That assumption breaks when adversaries use phishing proxies or real-time adversary-in-the-middle tooling, which sit between the user and the legitimate service and relay both credentials and session tokens. The result is authenticated compromise, not just password theft. Generative AI increases the volume and quality of these attacks, making old multi-step login flows easier to abuse at scale. The issue is not MFA itself, but the continued dependence on factors that can be intercepted in transit.

Practical implication: move high-risk populations to phishing-resistant authenticators instead of adding more interceptable factors.

How passkeys change the authentication trust model

Passkeys replace shared secrets with public key cryptography, where the private key stays bound to a device or synced credential store and the server only verifies a signed challenge. That means there is nothing for a phisher to reuse in a login prompt. Device-bound hardware keys raise assurance further because the credential cannot be exported like a password or OTP seed. This is a structural shift in trust, not just a better user experience. The article’s point is that usability and security no longer have to be in tension when the authenticator itself is designed to resist interception.

Practical implication: prioritise passkey rollout for privileged users, support staff, and other high-impact accounts first.
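To make the trust-model difference concrete, the following model contrasts the two ceremonies the sections above describe: a one-time code that a relay can forward unchanged, and a FIDO/WebAuthn-style assertion in which the client signs over the origin it is actually talking to. This is an added example, not code from OneSpan, the FIDO Alliance, or the seminar; the domains are constructed, and HMAC with a per-credential secret stands in for the ECDSA signature a real authenticator would produce so that the example runs on the Python standard library alone. The structure of the verification steps (challenge, origin, rpIdHash, signature counter, signature) follows the WebAuthn assertion-verification procedure.

```python
import hashlib
import hmac
import json
import secrets

# Constructed relying party and a constructed look-alike phishing domain.
RP_ID = "example.com"
LEGIT_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login.example-com.test"


# ---- Legacy MFA: a one-time code is a shared secret, and any relay can forward it ----
def otp_code(seed: bytes, window: int) -> str:
    """Simplified HOTP-style code: six digits derived from a shared seed and a counter."""
    digest = hmac.new(seed, window.to_bytes(8, "big"), hashlib.sha1).digest()
    return f"{int.from_bytes(digest[-4:], 'big') % 1_000_000:06d}"


def otp_login_via_proxy(seed: bytes, window: int) -> bool:
    """The user types the code into the proxy page and the proxy forwards it verbatim.
    The relying party sees a correct code and cannot tell that it was relayed."""
    typed_by_user = otp_code(seed, window)      # read from the user's authenticator app
    forwarded_by_proxy = typed_by_user          # relaying a shared secret changes nothing
    return hmac.compare_digest(forwarded_by_proxy, otp_code(seed, window))


# ---- FIDO-style: the credential is scoped to an RP ID and the origin is signed over ----
class Authenticator:
    """One credential per RP ID. HMAC stands in for the ECDSA private key (simplification)."""

    def __init__(self):
        self._keys = {}
        self.counter = 0

    def register(self, rp_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[rp_id] = key
        return key  # what the RP stores as the verification key (same bytes only because HMAC stands in)

    def sign(self, rp_id: str, client_data: bytes):
        if rp_id not in self._keys:
            raise KeyError("no credential for this RP ID")
        self.counter += 1
        auth_data = hashlib.sha256(rp_id.encode()).digest() + self.counter.to_bytes(4, "big")
        msg = auth_data + hashlib.sha256(client_data).digest()
        return auth_data, hmac.new(self._keys[rp_id], msg, hashlib.sha256).digest()


def browser_get_assertion(authn: Authenticator, page_origin: str, rp_id: str, challenge: str):
    """Browser step: refuse unless the page host is the RP ID or a subdomain of it, then
    record the real page origin in clientDataJSON before the authenticator signs."""
    host = page_origin.split("://", 1)[1].split("/", 1)[0]
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise PermissionError(f"RP ID {rp_id!r} is not valid for origin {page_origin!r}")
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}, sort_keys=True).encode()
    auth_data, sig = authn.sign(rp_id, client_data)
    return client_data, auth_data, sig


def rp_verify(pub: bytes, expected_challenge: str, last_counter: int,
              client_data: bytes, auth_data: bytes, sig: bytes) -> str:
    """Relying-party checks, a subset of the WebAuthn assertion-verification procedure."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "rejected: wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return "rejected: challenge mismatch (replay)"
    if cd.get("origin") != LEGIT_ORIGIN:
        return "rejected: origin mismatch (assertion produced on another site)"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rejected: rpIdHash mismatch"
    if int.from_bytes(auth_data[32:36], "big") <= last_counter:
        return "rejected: signature counter did not increase (clone or replay)"
    expected = hmac.new(pub, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return "rejected: bad signature"
    return "accepted"


def passkey_login(page_origin: str) -> str:
    """One sign-in ceremony with the user's browser on page_origin."""
    authn = Authenticator()
    pub = authn.register(RP_ID)
    challenge = secrets.token_urlsafe(32)   # issued by the RP; a relay forwards it unchanged
    try:
        client_data, auth_data, sig = browser_get_assertion(authn, page_origin, RP_ID, challenge)
    except PermissionError as exc:
        return f"blocked by browser: {exc}"
    return rp_verify(pub, challenge, 0, client_data, auth_data, sig)


def relay_from_phish_origin(rewrite_origin: bool) -> str:
    """Defence in depth: suppose a client skipped the browser RP ID check and signed while on
    the phishing origin. Forwarded unchanged, the RP rejects the origin; if the relay rewrites
    the origin to the legitimate one, the signature over clientDataJSON no longer verifies."""
    authn = Authenticator()
    pub = authn.register(RP_ID)
    challenge = secrets.token_urlsafe(32)
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": PHISH_ORIGIN}, sort_keys=True).encode()
    auth_data, sig = authn.sign(RP_ID, client_data)
    if rewrite_origin:
        client_data = client_data.replace(PHISH_ORIGIN.encode(), LEGIT_ORIGIN.encode())
    return rp_verify(pub, challenge, 0, client_data, auth_data, sig)
```

Running `otp_login_via_proxy` shows the relying party accepting a relayed code, while `passkey_login(PHISH_ORIGIN)` is stopped at the browser because the credential is scoped to the RP ID, and `relay_from_phish_origin` shows that even a bypassed browser check leaves the RP-side origin and signature checks to fail the assertion. The signature counter check is the additional clone/replay signal the page's "device-bound" point relies on.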

Securing AI with identity controls

The seminar also frames identity as part of AI governance, not only human authentication. When systems use AI to make access, analysis, or interaction decisions, identity becomes the control layer that constrains what data and tools those systems may reach. That includes protecting identity against deepfakes and impersonation fraud, and using identity to authorize model and data use. The key technical point is that AI expands the attack surface around authentication rather than replacing it. Organisations that treat identity and AI as separate programmes will miss the way impersonation, access, and authorization now overlap.

Practical implication: include AI-related impersonation and authorization scenarios in identity threat modelling and access design.


Threat narrative

Attacker objective: The attacker wants to obtain authenticated access without triggering the user’s normal trust expectations or the organisation’s legacy MFA controls.

  1. Entry begins with phishing proxies, adversary-in-the-middle relays, or social engineering that captures credentials during legitimate sign-in.
  2. Escalation occurs when the attacker reuses the authenticated session or hijacks the login flow, bypassing weaker MFA methods that were never meant to resist relay attacks.
  3. Impact is unauthorized access to workforce, customer, or ecosystem accounts, with AI-assisted scaling increasing the volume of successful impersonation attempts.



NHI Mgmt Group analysis

Phishing-resistant authentication is now the minimum viable control for exposed identity paths. The article correctly treats phishing proxies and adversary-in-the-middle attacks as a structural break in legacy MFA assumptions. Once the login ceremony can be relayed, the control no longer verifies presence in the way the programme thinks it does. Practitioners should stop evaluating MFA as a generic bucket and separate interceptable factors from phishing-resistant authenticators.

Passkeys shift assurance from secret reuse to cryptographic proof of possession. That matters because identity governance no longer rests on whether a user can remember or receive a code, but on whether the credential can be replayed elsewhere. In NIST SP 800-63 terms, the assurance boundary moves away from shared secrets and toward authenticators with stronger resistance to phishing and replay. Practitioners should map passkeys to the accounts where interception risk is highest.

Identity and AI are converging into one governance problem, not two. The article’s three roles for identity (around AI, against AI, and with AI) are directionally correct because impersonation, access control, and authorization now interact. Deepfakes and synthetic interaction increase the value of identity proofing, while AI systems themselves need identity-bound access to models and data. Practitioners should build governance that spans human login, machine authorization, and AI-mediated fraud scenarios.

Secure access fails when user experience, ecosystem complexity, and authenticator choice are treated as separate goals. The article’s emphasis on deployability is important because authentication only scales when the secure path is also the easiest one to use. That is especially true in mixed estates where workforce, consumer, and partner identities share the same trust fabric. Practitioners should design authentication programmes around adoption friction as a security variable, not a rollout afterthought.

From our research:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
  • For a broader baseline: only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.

What this signals

Passkey adoption will increasingly be judged by how well it replaces replayable authentication paths, not by whether it coexists with them. Teams that keep OTP or push factors as the primary fallback for exposed sign-in journeys will continue to carry phishing exposure, even if the user experience looks modern.

As identity and AI converge, authentication design will need to account for synthetic impersonation, help-desk fraud, and model access in the same programme. That means security leaders should treat login assurance, session integrity, and authorization for AI systems as one governance surface rather than separate initiatives.

The practical signal for readers is clear: if an identity journey can still be proxied, replayed, or socially engineered, it is not yet phishing-resistant. Modern authentication programmes should align with NIST SP 800-63 Digital Identity Guidelines and measure success by the number of exposed paths removed, not the number of factors added.


For practitioners

  • Prioritise phishing-resistant authentication for high-risk accounts: Move administrators, support staff, and privileged business users to passkeys or hardware-backed authenticators before broad population rollout. Keep legacy MFA only where phishing-resistant options are not yet operational, and segment those accounts for extra monitoring.
  • Remove reliance on interceptable second factors: Review where OTPs, push approvals, and other replayable factors still serve as primary protections. Replace them in exposed sign-in paths where phishing proxies or adversary-in-the-middle attacks are realistic.
  • Test authentication against relay and impersonation attacks: Run tabletop and red-team exercises that simulate phishing proxies, real-time credential relay, and deepfake-assisted support calls. Use the results to identify which identity journeys still trust the wrong signals.
  • Build identity governance into AI adoption: Define who and what can access model endpoints, training data, and sensitive prompts. Treat AI-mediated impersonation and authorization as identity risks, not just fraud problems, and align controls with NIST Cybersecurity Framework 2.0.

Key takeaways

  • Legacy MFA no longer provides enough resistance when attackers can relay credentials through phishing proxies and real-time interception tools.
  • Passkeys and hardware-backed authenticators change the trust model by removing the shared secret that attackers are trying to steal or replay.
  • Identity teams should design authentication, AI governance, and fraud controls as one programme because impersonation risk now spans all three.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST SP 800-63, NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework                       Control / Reference   Relevance
NIST SP 800-63                                        Phishing-resistant authentication and passkeys map directly to digital identity assurance.
NIST CSF 2.0                    PR.AC-1               Authentication governance and access control decisions sit within protect functions.
NIST Zero Trust (SP 800-207)    PR.AC-4               Zero trust requires strong identity verification across exposed access paths.

Use phishing-resistant authenticators for high-risk access and phase out replayable factors.


Key terms

  • Phishing-resistant authentication: Authentication that cannot be easily captured and replayed through a fake login page or relay attack. It uses cryptographic proof rather than reusable secrets, which makes the login ceremony far harder to intercept in real time.
  • Passkey: A passkey is a FIDO-based credential that replaces passwords with public key cryptography. The private key stays bound to a device or synced credential store, so the user authenticates without entering a shared secret that can be phished or reused.
  • Adversary-in-the-middle attack: An adversary-in-the-middle attack places the attacker between the user and the legitimate service during sign-in. The attacker relays authentication steps in real time, allowing them to steal the session or login result even when the user appears to authenticate normally.
  • Phishing proxy: A phishing proxy is a fake login site or relay service that mimics a real authentication page and forwards the victim’s credentials and session data to the genuine service. It defeats controls that rely on the user entering reusable secrets into a trusted-looking prompt.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by OneSpan: Back to identity: FIDO Alliance and the future of phishing-resistant authentication.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-06-18.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org