UK NCSC advises full migration to passkeys, calling passwords legacy technology

The UK National Cyber Security Centre published guidance on 24 April 2026 advising all organisations to migrate to passkeys, characterising passwords as legacy technology that should be left in the past. The NCSC guidance recommends passkey adoption for consumer-facing and internal systems, noting that phishing-resistant authentication eliminates the most common credential-theft attack vector. For law enforcement, the advisory directly affects operational system access, evidence management platforms, body camera portals, and custody systems that currently rely on password authentication. The NCSC guidance follows a sustained period of credential-based attacks on UK public sector systems and aligns with the broader shift toward FIDO2-compliant authentication standards across government.

In this domain: Cambodia’s new anti-scam law takes effect: 311 arrested at Phnom Penh compound in first major operation days after statute enacted · Dutch parliament votes to block US takeover of DigiD national identity system over sovereignty concerns · UK Digital Verification Service trust framework wins backing from industry and former critics of centralised identity