While FIDO2 is “phishing-resistant” to credential stealing, it was also designed with the intent to further protect against session hijacking and man-in-the-middle (MiTM) attacks. Silverfort suggests that most applications do not protect the session tokens created after FIDO authentication is successful and that many identity providers are still vulnerable to MiTM and session hijacking attack types. Sysadmins are encouraged to review this post for a discussion on concerns with FIDO2 authentication. For more, please visit Silverfort.
You are here
Related Resources
Mar 13, 2025 in Cybersecurity, in Federal & State Resources, in Security Preparedness
(TLP:CLEAR) Dragos Case Study of Volt Typhoon’s Breach of a Massachusetts Electric and Water Utility
Mar 13, 2025 in Cybersecurity, in OT-ICS Security, in Security Preparedness
Mar 13, 2025 in Cybersecurity, in OT-ICS Security, in Security Preparedness