Multi-factor authentication used for authenticating users of online services is phishing-resistant.
Topic
Multi-factor authentication
Applicable to
all
History
Dec 2023
Multi-factor authentication used for authenticating users of online services is phishing-resistant.
The existing control relating to phishing-resistant multi-factor authentication being used for online services was amended to reflect that it relates to users (but not customers).
Sep 2023
Multi-factor authentication used for online services is phishing-resistant.
The existing control relating to the implementation of phishing-resistant multi-factor authentication was split into four separate controls reflecting the different scenarios in which it may be applied by an organisation as it progressively adopts the technology. Specifically, there is one control for users of systems (e.g. local authentication to workstations), one control for users of online services (e.g. use of cloud services) and two controls for users of online customer services. [ISM-1682, ISM-1872, ISM-1873, ISM-1874]