The U.K.’s National Cyber Security Center (NCSC) recently published guidance highlighting how organizations can strengthen access and identity management security by implementing additional authentication methods beyond just using passwords.
There are several authentication methods that provide security that goes “beyond passwords.” Accordingly, this guidance is being shared to help organizations understand the pros and cons of each method and choose which authentication process is most appropriate for them. The four authentication models described in the guidance include multi-factor authentication (MFA), OAuth 2.0, FIDO2, and Magic links and one time passwords. NCSC notes that “for each authentication method, you should consider both the security and usability of each one, and (most importantly) the profile of your customer base.” Indeed, implementing additional authentication methods can help defend your organization against many potential threats including credential stuffing attacks. Read more at NCSC.