In plain English
FIDO2 is the technology behind phishing-resistant login. Instead of a password (which can be stolen and reused), FIDO2 uses a cryptographic key pair stored on a device or security key. Because the credential is bound to the specific website (origin) it was registered for, a phishing page on another domain cannot capture or use it — making it the strongest available authentication method.
Full definition
FIDO2 consists of two open standards: WebAuthn (a W3C browser API) and CTAP2 (the protocol a browser or platform uses to talk to external authenticators such as YubiKeys). Together they let a device authenticate a user with biometrics, a PIN, or a hardware security key by signing a server-issued challenge with a private key that never leaves the authenticator, so no reusable secret is transmitted over the network.
Microsoft supports FIDO2 across , Windows Hello for Business, and the Microsoft Authenticator app. Australian government guidance — and the 3 — specifies , of which FIDO2 is the primary implementation.
