When deploying a FIDO2 relying party, which origin binding mechanism ensures that credentials cannot be used on phishing sites?
-
A
Cookie-based session tokens
-
B
The rpId bound to the registered domain origin
-
C
IP address allowlisting
-
D
TLS certificate pinning only