Offer customers passkeys by default, UK’s NCSC tells enterprises
Summary
The UK's National Cyber Security Centre (NCSC) is now recommending enterprises offer passkeys as the default authentication method for consumers. This guidance is based on an assessment that passkeys are more secure and user-friendly than traditional passwords, offering resistance to phishing and eliminating password reuse risks.
IFF Assessment
This is good news for defenders: a prominent cybersecurity authority is advocating a more secure, phishing-resistant authentication method, which can reduce the attack surface and the risk of credential compromise.
Defender Context
This recommendation signifies a shift towards more robust authentication methods that can significantly mitigate common attack vectors like phishing and credential stuffing. Defenders should monitor the adoption of passkeys and prepare for a future where password-based authentication becomes less prevalent, potentially requiring updates to security infrastructure and user education.