We developed FIDO MFA via Standard Browser for applications without WebAuthn Support.<p>Only if we enforce FIDO-only MFA and block legacy authentication via SMS, Call and Authenticator App we are truly phishing-resistant.<p>WebAuthn is a requirement, but not always available. Some legacy Apps use WebViews without Webauthn support.<p>Detached FIDO Authentication is the answer.<p>We are looking forward to your feedback and hopefully improvement ideas.