Source: The Register
The NCSC's formal endorsement of passkeys is the first major institutional validation that password-based authentication is a liability—a shift that carries weight in regulated industries where government security guidance drives infrastructure decisions. Banks, healthcare systems, and government agencies now face concrete pressure to prioritize passkey adoption, though the transition will be messy: enterprises managing legacy systems and users resistant to biometric or device-based login will operate hybrid authentication for years. The endorsement matters less as a technical breakthrough than as regulatory permission. It converts what security researchers have argued for a decade into official policy, giving CISOs budget justification and procurement leverage to deprioritize password management infrastructure.