Phishing-resistant MFA

Phishing-resistant MFA means second factors that an attacker cannot capture and replay through a lookalike site — principally passkeys/FIDO2 security keys, where the credential is cryptographically bound to the real site's origin. It is the bar that CISA and cyber-insurers increasingly ask for, because push-prompt and one-time-code MFA can still be defeated by real-time phishing proxies and MFA-fatigue spam.