On Wed, 2022-09-14 at 02:46 -0400, Demi Marie Obenour wrote:
Because FIDO2 is not phishable. TOTP and HOTP are. The only other
non-phishable authentication method is TLS client certificates and
I would be fine with those.
I'm not entirely convinced. See this paper:
https://eprint.iacr.org/2020/1298.pdf