Why charities should invest in passwordless technology

October is ’Charity Cyber Essentials Awareness Month’, and we are teaming up with Cyber Essentials Delivery Partner, IASME to offer free cyber security support and guidance. If you are a registered charity and you sign up and pay for Cyber Essentials between 1-31 October, you will receive a discount to the price of certification. 

Cyber Essentials represents the UK Government’s minimum baseline standard for cyber security for organisations of all sizes in the UK. The annually renewable certification scheme is aligned to five technical controls designed to prevent the most common internet-based cyber security threats.  This year, the UK Government’s Cyber Essentials (CE) scheme celebrated its tenth anniversary, marking a decade of bolstering the nation’s cyber resilience through fundamental security measures.  

Continuous improvement 

The pace of change in both technology advancements and cyber threats mean that Cyber Essentials must continue to evolve each year to reflect these changes.  

Each year, IASME conduct a review and update process with the experts from the National Cyber Security Centre (NCSC) where they consider feedback from customers and Assessors and take a look at the changes in the IT landscape.  

This annual process ensures that Cyber Essentials remains relevant and effective, and as a baseline scheme, it is still the most direct and successful route to improving your cyber security through basic controls. 

The future is password-free  

The 2025 changes to Cyber Essentials Requirement for IT Infrastructure V 3.2 reflect the changes to login methods that are rapidly taking over in technology.  

Back in 2019, it was Microsoft that gave us the powerful statistic that multi-factor authentication can block over 99.9 percent of attacks by criminals attempting to access your account. So, perhaps it is no surprise that Microsoft has recently announced that multi-factor authentication is required for all of its services by 15 October 2024.  

Expedited by AI and access to quantum computer systems, cyber threats are rapidly changing and what was once considered a complex cyber attack can now be a *commodity attack within hours. To address the dual challenge of advancing innovation and vital security, vendors are having to reactively evolve their technology. More frequent upgrades and updates to devices are a likely outcome and urgent and sweeping changes to authentication methods are already upon us.  

Could this be the beginning of the end for passwords? 

The rise of passwordless technology 

Authentication methods that do not require a password at all are becoming increasingly commonplace, and Cyber Essentials has had to address this technology. For years, passwords have been the default method of authentication for a wide range of accounts and services, both at home and at work. And while passwords are accessible, cheap, and portable, they are also frequently reused, forgotten, guessed, brute-forced, and stolen.  

The inherent vulnerabilities of passwords were a key reason behind the 2022 update to Cyber Essentials, which mandated the additional use of multi-factor authentication (MFA) for all accounts and services accessible over the internet. 

The commoditisation of cyber attacks can lead to an increase in the frequency and variety of attacks, as more people are able to participate in cyber crime. It also means that defences need to be continually updated to keep pace with the evolving threat landscape. 

Go to the Cyber Essentials Knowledge Hub to find free cyber security guidance for charities 

Find out more about Cyber Essentials