In March, the 2025 REFEDS MFA Profile Working Group convened weekly to address emerging requirements for robust, phishing-resistant authentication mechanisms across the Research and Education (R&E) community. The Working Group aims to update the REFEDS MFA Profile to allow for signalling the use of phishing-resistant MFA, and submit the proposed revisions to community consultation by the end of 2025.
A key first step in this process is to achieve a clear and actionable definition of “phishing-resistant MFA”. To that end, the Working Group has realized the need to solicit broad feedback from the community before moving forward.
The proposed definition is being made available alongside rationale in an explainer. We invite interested parties to review and comment on the proposed definition (in Section 2 of the document).
For Community Review: REFEDS’s Proposed definition of “Phishing-Resistant MFA”:
The 2025 REFEDS MFA Profile Working Group is open to everyone and meets weekly. For more information the Working Group, please see the Working Group workspace.