Which authentication method is most resistant to phishing attacks?
- Email-based verification
- Security questions
- Username and password
- Multi-Factor Authentication with hardware tokens ✓
Correct answer: Multi-Factor Authentication with hardware tokens
Option D is correct because hardware token-based Multi-Factor Authentication (MFA), such as FIDO2 security keys or TOTP hardware tokens, is highly resistant to phishing: the second factor is either cryptographically bound to the legitimate domain or generates a one-time code that cannot be easily intercepted or replayed by an attacker. Option A is incorrect because email-based verification is vulnerable to account takeover and email phishing, making it a weak second factor. Option B is incorrect because security questions are knowledge-based factors that can be guessed, researched via social media, or obtained through social engineering, offering minimal phishing resistance. Option C is incorrect because username and password credentials are the primary target of phishing attacks and provide no additional protection beyond a single factor.
Topic: mfa, phishing resistance, hardware tokens, authentication