Phishing Resistance


WebAuthn credentials are cryptographically bound to the origin (domain) they were registered with. A credential created for example.com will not work on evil-example.com, making phishing attacks fundamentally ineffective. This is the strongest anti-phishing property available in modern authentication.
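On the server, this binding appears as two checks the relying party runs on every assertion: the origin the browser wrote into `clientDataJSON`, and the RP ID hash at the start of the authenticator data. The sketch below is an added example, not code from the original page. The function names, the origin and RP ID values, and the sample data are assumptions constructed for illustration, and signature verification is left out.

```python
import base64
import hashlib
import json

EXPECTED_ORIGIN = "https://example.com"  # assumption: the relying party's origin
RP_ID = "example.com"                    # assumption: RP ID used at registration
CHALLENGE = bytes(range(32))             # constructed; real servers use random bytes per login


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_origin_binding(client_data_json, authenticator_data, expected_challenge):
    """Return the names of the binding checks that failed (empty list = all passed).
    Verifying the signature over authenticator_data || SHA-256(client_data_json)
    is a separate, mandatory step that is not shown here."""
    failures = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    if client_data.get("challenge") != b64url(expected_challenge):
        failures.append("challenge")
    # The browser, not the page's script, writes the origin into clientDataJSON.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # Authenticator data starts with SHA-256(RP ID), then 1 flags byte and a 4-byte counter.
    rp_id_hash = hashlib.sha256(RP_ID.encode()).digest()
    if len(authenticator_data) < 37 or authenticator_data[:32] != rp_id_hash:
        failures.append("rpIdHash")
    return failures


def build_sample(origin, rp_id, challenge):
    """Constructed sample data: the values a browser and authenticator would report."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": origin}).encode()
    flags, sign_count = b"\x05", (1).to_bytes(4, "big")  # user present + user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + sign_count
    return client_data, auth_data
```

Because the authenticator signs both values, a look-alike site cannot rewrite them to match the genuine origin without invalidating the signature.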
