Our updated multi-factor authentication (MFA) guidance recommends organisations use techniques that give better protection against phishing attacks.Source:: NCSC Guidance