
ISO 27001 in a Passwordless World: The Passkey Migration Playbook
The article argues that enterprises should migrate from password-based authentication to passkeys (FIDO2/WebAuthn) to strengthen security and stay compliant with ISO/IEC 27001, detailing how passkeys work, which controls they map to, practical migration steps, risk considerations (device loss, downgrade attacks), and best practices for phased rollout and documentation, with Passwork offering migration support.