Advice for organisations on implementing strong methods of multi-factor authentication (MFA) for accessing corporate online services.
This guidance describes how administrators responsible for managing access to online digital services for their organisation can apply the strongest types of multi-factor authentication (MFA). It describes the various types of MFA that are commonly available, explains some pitfalls to avoid, and encourages the use of services that support the strength of MFA you require.
- For advice on authenticating customers for an online service that you provide, refer to our guidance ‘Authentication methods: choosing the right type’.
- For advice on protecting your personal accounts with 2-step verification, refer to our guidance on Setting up 2-Step Verification (2SV).
In this guidance
- Why multi-factor authentication matters
- Recommended types of multi-factor authentication
- Mandating strong multi-factor authentication for access to sensitive data
- Gaining trust in devices
- Avoiding multi-factor authentication anti-patterns
- Choosing online services with the right authentication
Find out more about implementing strong methods of MFA here.
Related content
With instances of cyber crime and fraud on the rise, the CyberScotland Partnership is preparing to launch a week of events aimed at engaging the country’s businesses, organisations and individuals with cyber security and awareness.
We caught up with Chris Pinder, to discuss how he got into the field of cyber security and what advice he would give to aspiring cyber security professionals who may be considering this career path. Tell us a bit about […]
NCSC has launched a new Cyber Incident Exercising scheme, giving organisations access to NCSC assured exercising providers for the first time.
The new CIE Scheme provides organisations with access to NCSC assured CIE service providers able to create bespoke, structured table-top or live-play cyber incident exercises.