The UK's National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first time the agency has told consumers to move away from passwords entirely. New official guidance states that passwords should not be used where passkeys are available, overturning decades of conventional advice. A technical report, released today at the NCSC's annual CYBERUK conference, concludes passkeys "are at least as secure as, and generally more secure than" a password and two-step verification (2SV) combo. The agency had considered this move last year, but held off until some "implementation challenges" were addressed by the industry, including inconsistent passkey naming across platforms, unreliable device support, and limited credential manager compatibility. Those gaps have since narrowed enough to act.…