Phishers have found a way to downgrade—not bypass—FIDO MFA

The article describes a new phishing technique that downgrades, but does not bypass, FIDO multi-factor authentication (MFA). Researchers found that phishers can manipulate the FIDO authentication process to trick victims into providing their credentials and one-time passcodes, which the attackers then use to access the targeted account. The technique does not circumvent FIDO's security measures; it exploits the user's actions to obtain the necessary information.

FIDO remains a robust security standard, and the article stresses that this phishing method points to the importance of user education and vigilance rather than to a flaw in the FIDO protocol itself. It also underscores that cybercriminals keep looking for new ways to compromise security measures, and that organizations and individuals need to stay informed about the latest threats and take appropriate action to protect their digital assets.
Note: This is an AI-generated summary of the original article.