Deploying phishing-resistant multi-factor authentication helps prevent unauthorized access to your company’s sensitive resources. But what if the process to enroll in that factor is not phishing-resistant? At Okta, we recognize the phishing resistance of a factor traces all the way back to enrollment, and that’s why we have now built into Okta Verify a direct way to bootstrap additional enrollments onto new devices in a phishing-resistant manner. Pat just got a new phone. Since Pat is used to accessing resources seamlessly and securely on their laptop by using Okta FastPass, a phishing-resistant factor, they want to enroll on their new phone as well. While authenticating during enrollment, Pat enters their password and triggers a push to their old phone that has Okta Verify Push. Pat can successfully enroll, but they used two factors that are not phishing resistant. Pat's IT department didn’t anticipate this. They automatically quarantine Pat's account.