Multi-factor authentication used for authenticating customers of online customer services provides a phishing-resistant option.
Topic
Multi-factor authentication
Applicable to
all
History
Dec 2023
Multi-factor authentication used for authenticating customers of online customer services provides a phishing-resistant option.
The existing controls relating to phishing-resistant multi-factor authentication being used for online customer services were amended to reflect that they relate to customers (but not users). [ISM-1873, ISM-1874]
Sep 2023
Multi-factor authentication provided for online customer services offers a phishing-resistant option.
The existing control relating to the implementation of phishing-resistant multi-factor authentication was split into four separate controls reflecting the different scenarios in which it may be applied by an organisation as they progressively adopt the technology. Specifically, one control for users of systems (e.g. local authentication to workstations), one control for users of online services (e.g. use of cloud services) and two controls for users of online customer services. [ISM-1682, ISM-1872, ISM-1873, ISM-1874]