THE UK’s National Cyber Security Centre (NCSC) has fully backed passkeys, stating that it should now be consumers’ first choice of login. According to NCSC, this follows a year‑long shift as the agency observed progress across the passkey ecosystem and saw success in use within the National Health Service. It notes that the NCSC no longer recommends passwords, unless passkeys are not available on a digital service.
The agency also highlighted challenges seen last year, centred on inconsistencies across the passkey ecosystem, including multiple flavours of passkeys, different terms used to describe them, and a lack of consensus on when to use them. For businesses, the guidance is to use single sign on (SSO) wherever possible, with the organisation planning to provide more consumer and business guidance in the future.
The piece explains that the FIDO Alliance develops open standards such as FIDO2 and WebAuthn, enabling sign‑in with biometrics, security keys, or device‑based authentication instead of passwords.