A novel Device Code phishing technique automates the authentication process, allowing attackers to bypass FIDO's phishing resistance by redirecting victims to a legitimate authentication page without needing them to manually enter codes. Despite Microsoft's fixes for normal Entra tenants, vulnerabilities remain for federated tenants. The article emphasizes the dangers of this attack model, which can exploit users’ trust in established authentication methods.