Phishing-resistant multi-factor authentication uses hardware security keys and cryptographic protocols to ensure that authentication cannot be intercepted or spoofed by an attacker. Unlike traditional methods like short message service (SMS) codes or email-based notifications, which can be vulnerable to social engineering and interception, hardware-based keys require physical possession of a token. This is a critical requirement for protecting administrative access to critical infrastructure. You can read about implementing strong authentication in our evolution guide.

For more information, see Industrial Cyber Security Best Practices.