Multi-factor authentication used for authenticating users of systems is phishing-resistant.
Topic
Multi-factor authentication
Applicable to
all
History
Dec 2023
Multi-factor authentication used for authenticating users of systems is phishing-resistant.
The existing control relating to phishing-resistant multi-factor authentication being used for systems was amended to reflect that it relates to users (but not customers).
Sep 2023
Multi-factor authentication used for systems is phishing-resistant.
The existing control relating to the implementation of phishing-resistant multi-factor authentication was split into four separate controls reflecting the different scenarios in which it may be applied by an organisation as they progressively adopt the technology. Specifically, one control for users of systems (e.g. local authentication to workstations), one control for users of online services (e.g. use of cloud services) and two controls for users of online customer services. [ISM-1682, ISM-1872, ISM-1873, ISM-1874]
Mar 2023
Multi-factor authentication is phishing-resistant.
An existing control relating to ‘verifier-impersonation resistant’ multi-factor authentication was amended to ‘phishing-resistant’ multi-factor authentication to align with increasingly prevalent industry terminology.