Pricing  Get Quote

Passwordless authentication

Combating phishing attacks with
multi-factor authentication

Phishing-resistant MFA with ADSelfService Plus

Start free trial

What is a phishing attack?

Phishing is a type of cyberattack in which hackers steal users' sensitive information by sending convincing fraudulent emails or messages containing malicious links in disguise. There are many types of popular phishing attacks, namely email phishing, spear phishing, whaling, smishing, and vishing.

A study by Valimail, an email security company, indicates that approximately 3 billion malicious emails are sent daily, which accounts for nearly 1% of all emails sent.

How and why are phishing attacks successful?

Phishing, unlike most cyberattacks, directly interacts with users and exploits their lack of discernment. In the case of other cyberattacks, like brute-force and dictionary attacks, IT admins can intervene and deploy mechanisms to defend against them. But, in phishing, the success of the attack and the security of an organization depends solely on users and their ability to distinguish and dodge these attacks.

Phishing attacks are cleverly devised to trick users. To ensure that there is a certain degree of truth in the messages, attackers throw disinformation into the mix—like creating a fake scenario that mentions the correct names of people or locations associated with the targeted victim. Phishing emails or messages will aim at creating a sense of urgency in users. In their panic, users fail to validate the authenticity and logic of the message and fall victim to the attack.

What is phishing-resistant MFA and how does it work?

Phishing-resistant multi-factor authentication (MFA) is an identity verification technology which is not susceptible to phishing attacks. This is because, contrary to traditional MFA methods like SMS OTPs and push notifications, phishing-resistant MFA does not require action from the user, removing the vulnerable human element from the MFA process.

The US Federal Government's Zero Trust strategy talks about two phishing-resistant MFA technologies: the FIDO2 WebAuthn standard and PIV smart cards. These technologies utilize asymmetric cryptography principles and respond solely to valid authentication requests while also verifying user intent throughout the authentication process.

The FIDO standard was created by the FIDO Alliance, a non-profit consortium consisting of several organizations worldwide. In FIDO2-based authentication technology, the identity provider (IdP) creates a unique cryptographic key pair, also known as asymmetric or public-key cryptography, for the device (mobile device or special token, like YubiKey) that a user enrolls with. Based on this key pair, the IdP can know and trust the device, and all communication to and from the device will be recognized as legitimate and not from a malicious actor. But, since there is a possibility of the device being stolen, biometric authentication is mandated on top of this process. This means that from the user's perspective, biometric authentication will be perceived as the only identity verification method involved.

The personal identity verification (PIV) standard is quite similar to the FIDO2 standard and uses smart cards to provide secure phishing-resistant MFA.

Phishing-resistant MFA with ADSelfService Plus

ManageEngine ADSelfService Plus offers adaptive MFA with 20 different authenticators, including the phishing-resistant FIDO2 authenticator. You can deploy MFA to secure on-premise and cloud application logins, machines, VPNs, OWA, and self-service password management activities. With ADSelfService Plus, you can customize the MFA authentication flow for different user accounts based on their OU and group memberships, so you can more tightly secure privileged accounts and activities from cyberthreats.

Multiple MFA authenticators

  • Login activity monitoring

    Choose from nearly 20 different authenticators, including phishing-resistant authenticators, to verify your users' identities.


    Set up different MFA flows for different groups or departments in your organization.

Conditional access

  • Login activity monitoring

    Create your own rules based on which adaptive authentication takes place.


    Choose from a wide range of conditions, such as IPs, business hours, and geolocation.

Benefits of implementing phishing-resistant MFA using ADSelfService Plus

Make your organization immune to account takeovers using adaptive MFA

Get your free trial

ADSelfService Plus also supports


    Adaptive MFA

    Enable context-based MFA with 19 different authentication factors for endpoint and application logins.

    Learn more  

    Enterprise single sign-on

    Allow users to access all enterprise applications with a single, secure authentication flow.

    Learn more  

    Remote work enablement

    Enhance remote work with cached credential updates, secure logins, and mobile password management.

    Learn more  

    Powerful integrations

    Establish an efficient and secure IT environment through integration with SIEM, ITSM, and IAM tools.

    Learn more  

    Enterprise self-service

    Delegate profile updates and group subscriptions to end users and monitor these self-service actions with approval workflows.

    Learn more  

    Zero Trust

    Create a Zero Trust environment with advanced identity verification techniques and render your networks impenetrable to threats.

    Learn more  

ADSelfService Plus trusted by