Phishing-resistant MFA protects one moment: the login. Attackers have noticed. 
They've moved to the enrollment flow, the helpdesk ticket, the session cookie, and the fallback flow that uses a password. 

This session examines architecting phishing resistance as a system-wide property — not a point-in-time event. We'll cover identity verification at enrollment and recovery, proximity-based authentication where hardware tokens aren't viable, architectures that remove passwords entirely, session theft protection, and carrying phishing-resistant trust into environments that don't natively support it. 

Ultimately, this session will cover where gaps in protection are today and what closing them (in real life) looks like.