---
url: 'https://www.corbado.com/faq/nist-sp-800-63b-supplement-passkey-adoption'
title: 'How does the NIST SP 800-63B supplement enhance passkey adoption?'
description: 'The NIST SP 800-63B supplement endorses passkeys, confirming their compliance with AAL2 and AAL3, driving wider adoption in enterprises.'
lang: 'en'
keywords: 'NIST SP 800-63B'
---

# How does the NIST SP 800-63B supplement enhance passkey adoption?

The **NIST SP 800-63B supplement** represents a major step toward **mainstream passkey
adoption**, particularly in **regulated industries like banking, healthcare, and
government services**. By recognizing **synced passkeys as AAL2-compliant** and
**device-bound passkeys as AAL3-compliant**, [NIST](https://www.corbado.com/blog/nist-passkeys) provides
organizations with the **confidence** to integrate passkeys into their authentication
flows.

### Key Ways the NIST Supplement Boosts Passkey Adoption

### 1. Passkeys Gain Official Recognition as Secure Authentication Methods

- **Synced passkeys** (stored in cloud-backed ecosystems like **Apple iCloud and Google
  Password Manager**) are now officially categorized under **AAL2**, confirming their
  **phishing resistance and usability**.
- **Device-bound passkeys** (stored on a single device without cloud sync) qualify for
  **AAL3**, the highest security level, making them ideal for **high-assurance
  authentication scenarios**.

### 2. Reduces Enterprise Adoption Barriers

- Many enterprises hesitated to deploy passkeys due to **unclear regulatory acceptance**.
  [NIST](https://www.corbado.com/blog/nist-passkeys)’s endorsement eliminates this uncertainty, encouraging
  **banks, government agencies, and large corporations** to adopt passkeys.
- The supplement confirms that **passkeys meet U.S. federal security requirements**,
  making them viable alternatives to passwords and **legacy multi-factor authentication
  (MFA)**.

### 3. Aligns with Existing Identity and Access Management Standards

The **WebAuthn** and **FIDO2** standards, which power passkeys, are now aligned with
**NIST authentication assurance levels**, ensuring **interoperability with existing
security frameworks**.

### 4. Encourages Migration from Password-Based Authentication

By positioning **synced passkeys as a secure MFA alternative**, the supplement
**accelerates the transition away from passwords and vulnerable authentication methods
(e.g., SMS OTPs, passwords + OTPs)**.

### What This Means for Organizations

Organizations that previously relied on **password-based authentication** or **traditional
MFA** now have **clear guidelines from NIST** supporting passkeys as a **secure,
compliant, and scalable** authentication method. This will lead to **higher adoption
rates** across industries, particularly those requiring **phishing-resistant
authentication**.

