FIDO2 is an open standard for passwordless and phishing-resistant authentication, developed by the FIDO Alliance and the W3C. The WebAuthn protocol provides the browser interface, while CTAP (Client to Authenticator Protocol) connects the client to the hardware token.
Devices such as YubiKey, SoloKey, or the security chips built into smartphones serve as authenticators. During registration, a cryptographic key pair is generated; the private key never leaves the token. Phishing is effectively eliminated because each credential is bound to the domain it was registered for, so the token responds only to the correct domain. FIDO2 is increasingly recommended as the strongest second factor and can eventually replace passwords entirely.
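The domain binding described above, seen from the relying party's side, as an added example that is not part of the original page: the server checks the origin the browser recorded in clientDataJSON and the RP ID hash at the start of authenticatorData. The function names, sample domains and challenge are assumptions constructed for illustration, and signature verification over these bytes, which a real server must also perform, is left out.

```python
import base64
import hashlib
import json


def b64url(data):
    """Base64url without padding, as used for the challenge in clientDataJSON."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_origin_binding(client_data_json, authenticator_data,
                         expected_origin, rp_id, expected_challenge):
    """Return the names of failed checks; an empty list means all passed."""
    failures = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    if client_data.get("challenge") != b64url(expected_challenge):
        failures.append("challenge")
    # The browser fills in the origin; page script cannot override it.
    if client_data.get("origin") != expected_origin:
        failures.append("origin")
    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4) | ...
    if len(authenticator_data) < 37:
        return failures + ["authenticator_data_length"]
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        failures.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:  # bit 0 = user present (UP)
        failures.append("user_present")
    return failures


def constructed_assertion(origin, rp_id, challenge):
    """Build sample (constructed) clientDataJSON and authenticatorData bytes."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([0x01]) + (7).to_bytes(4, "big"))
    return client_data, auth_data


if __name__ == "__main__":
    challenge = bytes(range(32))  # constructed; a real server uses random bytes
    for origin, rp in [("https://login.example.com", "example.com"),
                       ("https://login.example.net", "example.net")]:
        cd, ad = constructed_assertion(origin, rp, challenge)
        print(origin, check_origin_binding(
            cd, ad, "https://login.example.com", "example.com", challenge))
```

An assertion produced for any other origin fails both the `origin` and `rp_id_hash` checks, which is why a response obtained on a different domain is useless against the real site.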