Multi-factor authentication used for authenticating customers of online customer services is phishing-resistant.
Topic
Multi-factor authentication
Applicable to
all
History
Dec 2023
Multi-factor authentication used for authenticating customers of online customer services is phishing-resistant.
The existing controls relating to phishing-resistant multi-factor authentication being used for online customer services were amended to reflect that they relate to customers (but not users). [ISM-1873, ISM-1874]
Sep 2023
Multi-factor authentication provided for online customer services is phishing-resistant.
The existing control relating to the implementation of phishing-resistant multi-factor authentication was split into four separate controls reflecting the different scenarios in which it may be applied by an organisation as they progressively adopt the technology. Specifically, one control for users of systems (e.g. local authentication to workstations), one control for users of online services (e.g. use of cloud services) and two controls for users of online customer services. [ISM-1682, ISM-1872, ISM-1873, ISM-1874]