Passkeys change the operating model for identity, but they also raise the baseline expectation that every public sector service exposing citizen accounts will converge on phishing resistant authentication instead of treating it as a premium control. The next wave of attacks will shift toward device enrolment abuse, recovery workflows, and endpoint compromise, and Singapore's regional peers will accelerate similar identity modernisation programmes to avoid becoming the softer target.
Passkeys change the operating model for identity, but they also raise the baseline expectation that every public sector service exposing citizen accounts will converge on phishing resistant authentication instead of treating it as a premium control. The next wave of attacks will shift toward device enrolment abuse, recovery workflows, and endpoint compromise, and Singapore's regional peers will accelerate similar identity modernisation programmes to avoid becoming the softer target.