The rise of passwordless technology

The 2025 changes to Cyber Essentials Requirement for IT Infrastructure V 3.2 reflect the changes to login methods that are rapidly taking over in the technology space. Expedited by AI and access to quantum computer systems, cyber threats are rapidly changing, and what was once considered a complex cyber attack can now be a *commodity attack within hours. To address the dual challenge of advancing innovation and vital security, vendors are having to reactively evolve their technology. More frequent upgrades and updates to devices are a likely outcome, and urgent and sweeping changes to authentication methods are already upon us. Could this be the beginning of the end for passwords?

The future is password free

Authentication methods that do not require a password at all are becoming increasingly commonplace, and Cyber Essentials has had to address this technology. For years, passwords have been the default method of authentication for a wide range of accounts and services, both at home and at work. And while passwords are accessible, cheap, and portable, they are also frequently reused, forgotten, guessed, brute-forced, and stolen. The inherent vulnerabilities of passwords were a key reason behind the 2022 update to Cyber Essentials, which mandated the additional use of multi-factor authentication (MFA) for all accounts and services accessible over the internet.

True passwordless authentication eliminates the need for passwords altogether, providing alternative forms of authentication to allow secure access. This technology will always use more than one factor of authentication, and although there is no password, the other two or more factors can involve a digital certificate (which is like a digital ID card) working behind the scenes, encryption methods, or additional biometric checks combined with codes from authentication apps.
Defining Passwordless Authentication in Cyber Essentials

Passwordless technology is now included in Cyber Essentials and is defined in the same way as multi-factor authentication: “passwordless authentication is an authentication method that uses a factor other than user knowledge to establish identity”. There are numerous methods of verifying identity without using traditional passwords. Here are some common examples; sometimes these are used in combination:
Read the full NCSC guidance about trusted authentication methods
Adapting to the Future

As we look to the future, the shift towards passwordless authentication represents a significant step forward in cyber security. By eliminating the vulnerabilities associated with traditional passwords, organisations can enhance their security posture and reduce the risk of cyber incidents.
*What is a commodity attack?

When talking about cyber attacks, the term ‘commoditised’ refers to the process by which certain types of cyber attacks become standardised, widely available, and relatively easy to execute, often due to the availability of tools and services that can be purchased or accessed with minimal effort or expertise. This commoditisation can lower the barrier to entry for cyber criminals, making it easier for a larger number of individuals or groups to carry out attacks.

The commoditisation of cyber attacks can lead to an increase in the frequency and variety of attacks, as more people are able to participate in cyber crime. It also means that defenses need to be continually updated to keep pace with the evolving threat landscape.
...