Compromised Accounts – Applying MFA

06/05/2022 10:50:00 AM (BST)

The NHSmail team frequently review the security posture and security level of the platform. For example, the recent move of the banner to the top of an email for any emails received outside of NHSmail was taken in response to genuine threats from malicious actors.

Another threat vector is compromised accounts, these are dealt with quickly with accounts disabled and passwords reset. Compromised accounts are a big threat to any organisation so to further protect the NHSmail platform from this threat, MFA will be applied to every NHSmail account that is compromised.

This change will come into effect with a Portal release expected w/c 4 July 2022.

The current authentication methods for MFA are still valid – Multi-Factor Authentication (MFA) – NHSmail Support as is the use of FIDO tokens – FIDO2 Admin Guide – NHSmail Support.

Further details will be updated here as they become available.

back to top