Uncategorized

Introduce Phishing-Resistant MFA Support

Dear REFEDS Community,

We’re excited to announce the launch of the 2025 REFEDS MFA Profile Working Group! This group aims to strengthen community support for stronger authentication by adding support for phishing-resistant multi-factor authentication (MFA). As authentication requirements continue to evolve—especially with growing mandates from organizations like the U.S. National Science Foundation (NSF)—it’s more important than ever to keep our standards current and aligned.

Why Focus on Phishing-Resistant MFA?

The NSF recently mandated MFA for its research.gov grant management portal and plans to require phishing-resistant MFA for users with sensitive access. This evolving requirement highlights the need for robust, phishing-resistant authentication mechanisms across the Research and Education (R&E) community. By updating the REFEDS MFA Profile to signalling for phishing-resistant MFA, we aim to ensure that our authentication practices remain secure and relevant in the face of new challenges.

Working Group Objectives

The primary goals of the 2025 REFEDS MFA Profile Working Group include:

  • Update the REFEDS authentication assurance profiles to clearly define phishing-resistant MFA and signaling mechanisms.
  • Analyze government and standards-based guidance (such as eIDAS and NIST 800-63) to understand how to map and adopt phishing-resistant MFA standards.
  • Engage with the community to gather input, build consensus, and align our approach with international practices and requirements.

Get Involved: Your Expertise Matters

We invite all members of the REFEDS community to participate in this important initiative. Whether you’re an IAM expert, a policy developer, or simply passionate about strengthening authentication practices, your voice matters!

How to Participate:

Meetings and Slack – Join our virtual meetings and Slack discussion channel to stay engaged with our progress and contribute ideas. Meeting time/coordinate, Slack channel information, as well as meeting minutes can be found on the group’s wiki: https://wiki.refeds.org/display/GROUPS/MFA+Subgroup

Looking Ahead

Over the next nine months, the working group will conduct assessments, draft updates, and facilitate community consultations to ensure our profiles reflect the latest best practices. We look forward to working with you to build a more resilient and secure authentication framework for the global R&E community.

Best regards,
The 2025 REFEDS MFA Profile Working Group Coordinators