ENISA’s Endorsement: A Milestone for European Cybersecurity
The European Union Agency for Cybersecurity (ENISA) has officially identified passkeys as the leading phishing-resistant multi-factor authentication (MFA) solution in its June 2025 NIS2 Technical Implementation Guide. This endorsement signals a critical shift in how European organizations approach cybersecurity, especially amid rising threats of phishing and credential compromise. ENISA’s recognition is significant for businesses aiming to comply with the evolving NIS2 Directive and strengthen their security posture with state-of-the-art authentication.
What sets Passkeys apart for MFA?
Passkeys, compliant with FIDO2 and WebAuthn standards, offer a combination of advanced cryptography and user-friendly authentication. Unlike traditional methods such as passwords or SMS codes, passkeys are immune to common attacks like phishing and SIM swapping. Authentication is handled via device biometrics (fingerprint, Face ID) or a secure device PIN, and private keys never leave the user’s device. This approach eliminates the vulnerabilities of shared secrets, providing a seamless yet robust security model.
ENISA’s Implementation Recommendations: Why Passkeys Excel
ENISA outlines three core pillars for effective MFA: secure fallback planning, user education and robust system operation. Passkeys address each area:
- Secure Recovery: Credentials are safely backed up in user-controlled vaults (e.g., iCloud Keychain, Google Password Manager), streamlining recovery if a device is lost or replaced.
- User Empowerment: Passkeys remove the friction of passwords and codes, reducing user confusion and making MFA accessible to a broader audience.
- Operational Reliability: Native browser and OS support means passkeys are automatically updated for security, and detailed logging enables integration with enterprise security monitoring tools.
Why Phishing-Resistant MFA is Essential for Europe’s Digital Landscape
Phishing remains a persistent risk across sectors like finance, healthcare, and government, frequently leading to data breaches and operational disruptions. Traditional MFA is susceptible to social engineering and SIM-based attacks. ENISA’s new guidance, which is aligned with the NIS2 Directive, makes a clear case for upgrading to phishing-resistant authentication methods to ensure both regulatory compliance and the highest security standards.
Strategic Benefits for Businesses Adopting Passkeys
European organizations that implement passkeys gain advantages beyond compliance:
- Enhanced protection of sensitive data
- Reduced risk of credential compromise
- Improved user experience and trust
- Future-proof alignment with cybersecurity regulations
Find out more about ENISA’s recommendations, the NIS2 Directive and practical steps to implement passkeys at scale: https://www.corbado.com/blog/enisa-passkeys