Ethical Hacking News
The UK's National Cyber Security Centre has officially endorsed passkeys as the default authentication standard, marking a significant shift in the agency's stance on password usage. This move is based on the fact that passkeys are more secure and user-friendly than traditional passwords.
The UK's National Cyber Security Centre (NCSC) has endorsed passkeys as the default authentication standard. Passwords will no longer be the preferred method of authentication in certain situations, but should still be used in conjunction with passkeys when available. Passkeys are considered more secure and user-friendly than traditional passwords. The NCSC recommends using a password manager to ensure complex and unique passwords. The endorsement marks an important milestone in the development of this technology, aiming to boost UK security.
The world of cybersecurity is constantly evolving, with new threats and technologies emerging to stay ahead of the game. In this context, a recent development by the UK's National Cyber Security Centre (NCSC) has sparked significant attention and interest among experts and consumers alike. The NCSC, which is responsible for protecting the nation's digital infrastructure, has officially endorsed passkeys as the default authentication standard. This move marks a significant shift in the agency's stance on password usage, with passkeys now being considered the preferred method of authentication.
In its official guidance, the NCSC states that passwords should no longer be used where passkeys are available. This decision is based on the fact that passkeys "are at least as secure, and generally more secure than" a password and two-step verification (2SV) combo. Passkeys work by creating a cryptographic key pair between a user's device and the protected account. They cannot be guessed or phished, are up to eight times faster to use than passwords, and eliminate the fatigue of creating and remembering credentials.
The NCSC had considered this move last year but held off until some "implementation challenges" were addressed by the industry. These challenges included inconsistent passkey naming across platforms, unreliable device support, and limited credential manager compatibility. Fortunately, these gaps have since narrowed enough to act, making it possible for the agency to endorse passkeys as the default standard.
Google, eBay, and PayPal are just a few of the major platforms that have made it easier for users to adopt passkeys. According to the NCSC, around 50 percent of UK Google users have registered at least one passkey. Microsoft also made passkeys the default standard nearly a year ago, demonstrating the growing adoption of this technology.
While passwords will no longer be the preferred method of authentication in certain situations, the NCSC advises consumers and businesses to keep using the password+2SV combo where passkeys are not available. However, the agency recommends using a password manager to ensure that passwords remain complex and unique to each service. This is crucial in preventing credential stuffing attacks and other types of cybercrime.
The endorsement of passkeys by the NCSC marks an important milestone in the development of this technology. As Jonathon Ellison, director for national resilience at the NCSC, noted, "The headaches that remembering passwords have caused us for decades no longer need to be a part of logging in where users migrate to passkeys – they are a user-friendly alternative that provides stronger overall resilience." The agency's decision to endorse passkeys is also seen as a proactive measure to boost the state of UK security.
Richard Horne, CEO of the NCSC, highlighted the current situation regarding cyberattacks in the UK. He stated that the number of nationally significant cyberattacks hitting Britain is hovering around similar levels as October, when the NCSC reported witnessing four every week. Taking into account the current geopolitical climate and the sophistication of AI models threatening defenders, Horne urged organizations to prioritize security hygiene as the country enters a period of "tumultuous uncertainty."
In conclusion, the UK's National Cyber Security Centre has officially endorsed passkeys as the default authentication standard, marking a significant shift in the agency's stance on password usage. This move is based on the fact that passkeys are more secure and user-friendly than traditional passwords. As consumers and businesses adopt this new standard, it will be crucial to prioritize security hygiene and use best practices to protect digital infrastructure.
Related Information:
https://www.ethicalhackingnews.com/articles/The-UKs-National-Cyber-Security-Centre-Endorses-Passkeys-as-the-Default-Authentication-Standard-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/04/23/ncsc_passkey_tech_now_reliable/
https://www.theregister.com/2026/04/23/ncsc_passkey_tech_now_reliable/
https://article.wn.com/view/2026/04/23/Pass_the_key_passwords_have_passed_their_sellby_date/
Published: Thu Apr 23 03:45:20 2026 by llama3.2 3B Q4_K_M
