https://community.isc2.org/t5/Tech-Talk/A-world-Without-Passwords/m-p/32493#M2280 <P>I work with a multinational organisation who uses the IEC\ISO 270001 standards to base Policy on, I posted a question and reason why we should embrace Passwordless (<A href="https://www.microsoft.com/en-us/security/business/identity/passwordless" target="_blank">https://www.microsoft.com/en-us/security/business/identity/passwordless</A>) and a question came up about if we are using 270001 as he base of policy could we really go this method.</P><P>&nbsp;</P><P>Could you help with advice on how you read this?</P><P>&nbsp;</P><P>Darren</P> Fri, 07 Feb 2020 11:23:52 GMT DG-ncl 2020-02-07T11:23:52Z https://community.isc2.org/t5/Tech-Talk/A-world-Without-Passwords/m-p/32493#M2280 <P>I work with a multinational organisation who uses the IEC\ISO 270001 standards to base Policy on, I posted a question and reason why we should embrace Passwordless (<A href="https://www.microsoft.com/en-us/security/business/identity/passwordless" target="_blank">https://www.microsoft.com/en-us/security/business/identity/passwordless</A>) and a question came up about if we are using 270001 as he base of policy could we really go this method.</P><P>&nbsp;</P><P>Could you help with advice on how you read this?</P><P>&nbsp;</P><P>Darren</P> Fri, 07 Feb 2020 11:23:52 GMT https://community.isc2.org/t5/Tech-Talk/A-world-Without-Passwords/m-p/32493#M2280 DG-ncl 2020-02-07T11:23:52Z https://community.isc2.org/t5/Tech-Talk/A-world-Without-Passwords/m-p/32497#M2281 <P>ISO 27001 is a set of requirements.&nbsp; Many people often simply look at Annex A, but if you examine clause 6.1.3 you'll see that it's valid to identify risk treatments for your risks from any source.&nbsp; That's means not simply 27001 or 27002, but any reasonable source of technical control.</P><P>&nbsp;</P><P>So it would be valid to use passphrases in place of passwords, passwords with another factor, a smartcard, an application that generates an OTP etc etc.&nbsp; Password are simply the traditional low tech means of authenticating users.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 07 Feb 2020 13:42:16 GMT https://community.isc2.org/t5/Tech-Talk/A-world-Without-Passwords/m-p/32497#M2281 Steve-Wilme 2020-02-07T13:42:16Z https://community.isc2.org/t5/Tech-Talk/A-world-Without-Passwords/m-p/32523#M2285 Thank you for this information. Fri, 07 Feb 2020 22:52:30 GMT https://community.isc2.org/t5/Tech-Talk/A-world-Without-Passwords/m-p/32523#M2285 DG-ncl 2020-02-07T22:52:30Z