Strong Authentication & Identity

Phishing-Resistant MFA & the Path to Passwordless

Why most MFA is still phishable and what phishing-resistant MFA really means — FIDO2, passkeys, smart cards and a practical path to passwordless.

Most multi-factor authentication can still be phished. Here is what phishing-resistant really means — and how to get to passwordless.

Phishing remains the most common way attackers break in, and the uncomfortable truth is that much of today's multi-factor authentication does little to stop it. One-time codes sent by SMS or generated by an app can be intercepted or replayed, and simple push approvals can be coaxed out of a user worn down by repeated prompts. As NIS2 and zero-trust strategies raise the bar, organisations across the DACH region are moving from MFA that ticks a box to phishing-resistant MFA that genuinely holds the line.

Why legacy MFA falls short

The weakness is shared secrets and human approval. A code can be entered into a fake site; a push notification can be approved by a user worn down by repeated prompts. Attackers have industrialised these techniques with phishing kits and prompt-bombing. If a credential can be relayed to an attacker in real time, it is not phishing-resistant — no matter how many factors are involved.

What phishing-resistant actually means

  • Cryptographic, origin-bound credentials. Standards like FIDO2 and passkeys bind the authentication to the legitimate site, so a credential simply will not work on a look-alike domain.
  • Certificate-based and smart-card authentication. PKI-backed credentials on a smart card or virtual smart card prove identity with a private key that never leaves the device.
  • No phishable shared secret. There is no code to type and no push to fatigue — nothing for an attacker to capture and replay.
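
The origin binding described above can be seen in the checks a relying party runs on a WebAuthn assertion. The following is an added example, not CRYPTAS code: the origin, RP ID, function names and sample data are assumptions constructed for illustration, and signature verification over the authenticator data is a separate, required step that is left out here.

```python
import base64
import hashlib
import json

EXPECTED_ORIGIN = "https://login.example.com"  # assumed relying-party origin
EXPECTED_RP_ID = "login.example.com"           # assumed RP ID


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_binding(client_data_json: bytes, authenticator_data: bytes,
                            issued_challenge: bytes) -> list:
    """Return the binding failures found; an empty list means the assertion
    was produced for our origin, our RP ID and the challenge we issued."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["malformed clientDataJSON"]
    if not isinstance(client, dict):
        return ["malformed clientDataJSON"]
    problems = []
    if client.get("type") != "webauthn.get":
        problems.append("wrong type")
    # The browser writes the origin it really talked to; the user cannot
    # be tricked into supplying a different one.
    if client.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch")
    # A fresh server-side challenge stops replay of an old assertion.
    if client.get("challenge") != b64url(issued_challenge):
        problems.append("challenge mismatch")
    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4) | ...
    if len(authenticator_data) < 37:
        return problems + ["authenticator data too short"]
    if authenticator_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        problems.append("rpIdHash mismatch")
    if not authenticator_data[32] & 0x01:  # UP (user present) flag
        problems.append("user not present")
    return problems


def make_sample(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample shaped like assertion data (no signature included)."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client, auth
```

An assertion created while the user's browser is on a look-alike domain carries that domain in both the client data and the RP ID hash, so it fails these checks even if it is relayed in real time.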

The path to passwordless

  • Start with your highest-risk users. Administrators and privileged accounts first — they are the prize attackers want most.
  • Deploy phishing-resistant factors. Roll out FIDO2 security keys, passkeys or PKI-based smart cards and virtual smart cards.
  • Retire weak fallbacks. Remove SMS and other phishable methods as backups, or they become the path of least resistance.
  • Extend to the workforce. Expand coverage to all users and move toward a passwordless experience that is both safer and smoother.

How CRYPTAS helps

CRYPTAS delivers strong authentication built on proven PKI — including primeID virtual smart cards and egofy smart cards — so you can give users and administrators credentials that resist phishing by design. We help you map your highest-risk access, deploy phishing-resistant factors, and move toward passwordless in line with NIS2 and zero-trust expectations.

Ready to phase out phishable MFA? Talk to CRYPTAS about a phishing-resistant authentication rollout.
