How does the NIST SP 800-63B supplement enhance passkey adoption?

Vincent Delitz

Created: January 31, 2025

Updated: January 31, 2025


The NIST SP 800-63B supplement represents a major step toward mainstream passkey adoption, particularly in regulated industries like banking, healthcare, and government services. By recognizing synced passkeys as AAL2-compliant and device-bound passkeys as AAL3-compliant, NIST provides organizations with the confidence to integrate passkeys into their authentication flows.


Key Ways the NIST Supplement Boosts Passkey Adoption

1. Passkeys Gain Official Recognition as Secure Authentication Methods

  • Synced passkeys (stored in cloud-backed ecosystems like Apple iCloud and Google Password Manager) are now officially categorized under AAL2, confirming their phishing resistance and usability.
  • Device-bound passkeys (stored on a single device without cloud sync) qualify for AAL3, the highest security level, making them ideal for high-assurance authentication scenarios.

2. Reduces Enterprise Adoption Barriers

  • Many enterprises hesitated to deploy passkeys due to unclear regulatory acceptance. NIST’s endorsement eliminates this uncertainty, encouraging banks, government agencies, and large corporations to adopt passkeys.
  • The supplement confirms that passkeys meet U.S. federal security requirements, making them viable alternatives to passwords and legacy multi-factor authentication (MFA).

3. Aligns with Existing Identity and Access Management Standards

The WebAuthn and FIDO2 standards, which power passkeys, are now aligned with NIST authentication assurance levels, ensuring interoperability with existing security frameworks.
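A relying party can only apply the synced versus device-bound distinction if it can tell the two apart at sign-in. The following added example (not from the original article) reads the backup-eligible and backup-state flags that WebAuthn places in authenticatorData and maps them to the AAL ceilings stated above; the function names, the `makeAuthData` sample helper and the requirement that the UV flag be set are assumptions of this example.

```javascript
// Added example. WebAuthn authenticatorData layout: rpIdHash(32) | flags(1) | signCount(4) | ...
const FLAG_UP = 0x01; // user present
const FLAG_UV = 0x04; // user verified
const FLAG_BE = 0x08; // backup eligible: credential may be synced
const FLAG_BS = 0x10; // backup state: credential is currently backed up

function parseFlags(authData) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    throw new Error("authenticatorData shorter than 37 bytes");
  }
  const f = authData[32];
  const flags = {
    up: (f & FLAG_UP) !== 0,
    uv: (f & FLAG_UV) !== 0,
    be: (f & FLAG_BE) !== 0,
    bs: (f & FLAG_BS) !== 0,
  };
  // WebAuthn: BS must not be set when BE is clear.
  if (flags.bs && !flags.be) throw new Error("invalid flags: BS set without BE");
  return flags;
}

// storedBackupEligible: the BE value recorded at registration (optional).
function classifyPasskey(authData, storedBackupEligible) {
  const flags = parseFlags(authData);
  // BE is fixed for the life of a credential; a change means the record or the response is wrong.
  if (storedBackupEligible !== undefined && storedBackupEligible !== flags.be) {
    return { accepted: false, reason: "backup eligibility changed since registration" };
  }
  // Policy assumption of this example: require presence and user verification.
  if (!flags.up || !flags.uv) {
    return { accepted: false, reason: "user presence and verification required" };
  }
  // AAL ceiling as stated on this page: synced -> AAL2, device-bound -> AAL3.
  return flags.be
    ? { accepted: true, kind: "synced", maxAal: 2, backedUp: flags.bs }
    : { accepted: true, kind: "device-bound", maxAal: 3, backedUp: false };
}

// Constructed sample: zeroed rpIdHash and counter, only the flags byte varies.
function makeAuthData(flagsByte) {
  const data = new Uint8Array(37);
  data[32] = flagsByte;
  return data;
}

console.log(classifyPasskey(makeAuthData(FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS)));
console.log(classifyPasskey(makeAuthData(FLAG_UP | FLAG_UV)));
```

The flags are reported by the authenticator, so a policy that depends on the device-bound result should also verify attestation at registration.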

4. Encourages Migration from Password-Based Authentication

By positioning synced passkeys as a secure MFA alternative, the supplement accelerates the transition away from passwords and vulnerable authentication methods (e.g., SMS OTPs, passwords + OTPs).

What This Means for Organizations

Organizations that previously relied on password-based authentication or traditional MFA now have clear guidelines from NIST supporting passkeys as a secure, compliant, and scalable authentication method. This will lead to higher adoption rates across industries, particularly those requiring phishing-resistant authentication.
