The UK's National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first time the agency has advised consumers to move away from passwords entirely. A technical report released at the CYBERUK conference concludes passkeys are at least as secure as, and generally more secure than, a password combined with two-step verification. Previous hesitation stemmed from implementation challenges like inconsistent naming, unreliable device support, and limited credential manager compatibility — gaps that have since narrowed. Google, eBay, and PayPal are cited as platforms driving adoption, with around 50% of UK Google users having registered at least one passkey. Where passkeys aren't available, NCSC still recommends password+2SV with a password manager. Passkeys use cryptographic key pairs, cannot be phished or guessed, and are up to eight times faster than passwords.
Sort: