Phishing Protection

Phishing (= password fishing) is a common form of attacks on computer users. The attackers fake emails and websites of legitimate companies and organizations. The attackers use this as an excuse to persuade users to enter sensitive information, usually access data such as passwords or PINs.

Weak or stolen passwords as well as phishing are among the most common gateways for successful hacker attacks, at around 60%, as an IBM study from 2019 shows.


With FIDO U2F and FIDO2 or WebAuthn, there are new standards that enable robust two-factor authentication (FIDO U2F) and passwordless login (FIDO2).

For two-factor authentication (2FA), all you need is your Nitrokey FIDO U2F or Nitrokey FIDO2 and you trigger the 2FA at the touch of a button on the Nitrokey.

For the password-free login (FIDO2 or WebAuthn), you only need your Nitrokey and can use it to log in to e.g. Microsoft services (Windows, Office 365) and other web and enterprise systems (e.g. Nextcloud) at the touch of a button and by entering your PIN, without any password (if desired, even without a user name).

Both methods (FIDO U2F and FIDO2) offer high security. Thus the Nitrokey checks whether the domain used actually belongs to the service. This makes phishing attacks on a technical level much more difficult.


  • Simple usability at the touch of a button (and device PIN if necessary).
  • High security against phishing attacks (through integrated domain check).
  • More secure than other two-factor authentication methods (e.g. SMS or TOTP/HOTP).
  • By supporting all common web browsers, no additional client software or driver installation is necessary.

Human Firewall

Our partner company SoSafe helps you to expand your protection measures against phishing by training the awareness and knowledge of your employees.

Partner   Headquarters Data location
SoSafe's awareness platform sensitizes, trains and tests employees in dealing with all kinds of cyber threats. The training is interactive, motivating and 100% data protection compliant. With comprehensible KPIs and differentiated reporting, the success of cyber security training measures becomes measurable and visible.
Germany Cloud


Contact  Shop  Documentation