The National Cyber Security Centre (NCSC) is urging consumers to abandon passwords in favour of passkeys, arguing they provide stronger protection against phishing and compromised credentials. The agency published technical guidance after engaging with vendors and the FIDO Alliance, and recommends password managers and two-step verification only where passkeys are not available. #NCSC #passkeys
Keypoints
- NCSC recommends passkeys be consumersβ first choice for logging into digital services.
- Passkeys offer stronger protection against phishing and stolen credentials than passwords.
- The guidance follows extensive research and engagement with websites, app developers, vendors and the FIDO Alliance.
- Where services do not support passkeys, users should use a password manager and two-step verification.
- Organizations can enable passkeys via providers like Microsoft, Google and Okta and must plan for storage and recovery (device, cloud manager, or hardware tokens such as YubiKey).
Read More: https://www.helpnetsecurity.com/2026/04/24/ncsc-passkey-adoption-cybersecurity/