Passkeys made mandatory to limit phishing
Following advice from the National Cyber Security Centre (NCSC), the University Management Board (UMB) has approved the recommendation that all members of Imperial must adopt passkeys by the end of July. This is a result of “more sophisticated phishing attacks” being used to target members of the Imperial community – passkeys are designed to be phishing resistant.
Passkeys are the next evolution in authentication; over the years organisations have migrated from just using a username, to credentials, to multi-factor authentication (MFA), and now to passkeys. Instead of a password, passkeys rely on cryptographic keys stored in personal devices that can be unlocked via PIN, biometrics or a hardware key.
From Monday 22nd June, all undergraduate and taught postgraduate students will be enrolled into a passkey registration campaign. When they are next required to complete an MFA challenge, they will be prompted to set up a passkey – they will be able to snooze this prompt for up to a maximum of 14 days.
In April, at least two Imperial accounts were compromised, which resulted in phishing emails advertising sham giveaways being sent to students.
UMB also plans to reduce cyber security risk and improve the security of the College’s 377 public-facing servers, which it called a “significant attack surface” at its last meeting.