On Wed, Sep 14 2022 at 06:58:12 AM +0000, Tommy Nguyen
<remyabel(a)gmail.com> wrote:
I'm not entirely convinced. See this paper:
https://eprint.iacr.org/2020/1298.pdf
I only read the abstract of this paper, but looks like the researchers
have found that FIDO is indeed unphishable. Seems their attack relies
on websites allowing downgrade to weaker forms of 2FA.