Impersonation resistance requires the use of an authentication protocol (between the authenticators and the Verifier) to prevent possible phishing attacks.

There are a number of ways to do this, including various encryption protocols and Digital Signature technologies that bind the authenticator output to a specific protected channel.

One example of a verifier Impersonation-resistant authentication protocol is Mutual Authentication Transport Layer Security (TLS). In this protocol, the client signs the authenticator output and earlier messages that are unique to the particular TLS connection being negotiated.
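
An added sketch of the channel-binding idea described above (not code from NIST or from this page): HMAC with a shared key stands in for the client's signature, and `channel_id`, `respond`, `verify` and the sample handshake values are constructed for illustration. It shows that an output bound to the claimant's own connection is rejected when it reaches the verifier over a different connection, while an unbound output is accepted.

```python
import hashlib
import hmac
import os

def channel_id(client_random: bytes, server_random: bytes, server_cert: bytes) -> bytes:
    """Hash of per-connection values; stands in for the TLS handshake messages."""
    h = hashlib.sha256()
    for part in (client_random, server_random, server_cert):
        h.update(len(part).to_bytes(4, "big") + part)  # length-prefix each field
    return h.digest()

def respond(key: bytes, challenge: bytes, binding: bytes = b"") -> bytes:
    """Authenticator output over the challenge, optionally bound to a channel."""
    return hmac.new(key, challenge + binding, hashlib.sha256).digest()

def verify(key: bytes, challenge: bytes, response: bytes, binding: bytes = b"") -> bool:
    """Verifier recomputes the output using the channel that it observed itself."""
    return hmac.compare_digest(respond(key, challenge, binding), response)

def run_scenarios() -> dict:
    key = os.urandom(32)        # constructed authenticator secret (assumption)
    challenge = os.urandom(16)  # verifier nonce
    # Direct connection: claimant and verifier see the same handshake values.
    direct = channel_id(b"c-rand-1", b"s-rand-1", b"CERT:verifier.example")
    # Relayed connection: the claimant's channel ends at an impostor, which
    # opens a second, different channel to the real verifier.
    claimant_side = channel_id(b"c-rand-2", b"s-rand-2", b"CERT:impostor.example")
    verifier_side = channel_id(b"c-rand-3", b"s-rand-3", b"CERT:verifier.example")
    return {
        "direct_bound": verify(
            key, challenge, respond(key, challenge, direct), direct),
        "relayed_bound": verify(
            key, challenge, respond(key, challenge, claimant_side), verifier_side),
        "relayed_unbound": verify(
            key, challenge, respond(key, challenge)),
    }

if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```
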

At AAL3, NIST.SP.800-63B requires authenticators that use a verifier Impersonation-resistant authentication protocol.
