{"id":"iam-passkeys-phishing-resistant","text":"Passkeys and FIDO2 security keys are phishing-resistant (using public key cryptography); TOTP-based MFA methods are not phishing-resistant.","truth_value":"IN","source":"entries/2026/03/08/iam-mfa.md","source_url":"","source_hash":"5d501b8fb778eddd","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-passkeys-phishing-resistant","truth_value":"IN","reason":"premise"}]}}