To prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organisations and their employees. While there's currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD21, GDPR2, and the upcoming Cyber Resilience Act (CRA)3 – emphasising the importance of ensuring cyber resilience against unauthorised access from credential phishing attacks.