Advice for organisations on implementing strong methods of multi-factor authentication (MFA) for accessing corporate online services.
This guidance describes how administrators responsible for managing access to online digital services for their organisation can apply the strongest types of multi-factor authentication (MFA). It describes the various types of MFA that are commonly available, explains some pitfalls to avoid, and encourages the use of services that support the strength of MFA you require.
- For advice on authenticating customers for an online service that you provide, refer to our guidance ‘Authentication methods: choosing the right type’.
- For advice on protecting your personal accounts with 2-step verification, refer to our guidance on Setting up 2-Step Verification (2SV).
In this guidance
- Why multi-factor authentication matters
- Recommended types of multi-factor authentication
- Mandating strong multi-factor authentication for access to sensitive data
- Gaining trust in devices
- Avoiding multi-factor authentication anti-patterns
- Choosing online services with the right authentication
Find out more about implementing strong methods of MFA here.
Related content
CyberScotland partner Cyber and Fraud Centre – Scotland has released a new cyber strategy guide for small organisations.
A comprehensive cyber security strategy is crucial to protect organisations, individuals, and governments from devastating cyber attacks.
CREST and IASME are delighted to announce their partnership with the NCSC to help deliver its new Cyber Incident Exercising scheme. The NCSC (National Cyber Security Centre) has created the scheme to help organisations find high quality providers that can advise and support them to effectively practise their cyber incident response plan.
As the summer sun beckons and holiday plans take shape, the excitement of travel can sometimes overshadow the need for vigilance. Unfortunately, scammers are always on the lookout for unsuspecting travellers. From fake booking websites to phishing emails, these cyber threats can turn your dream holiday into a nightmare.