UK Cyber Leaders Advocate Replacing Passwords with Passkeys
UK cyber leaders are urging people to move away from traditional passwords and start using passkeys where available to secure online accounts. The National Cyber Security Centre (NCSC) has described this shift as “overhauling decades of security practice,” recommending passkeys as a more secure alternative to passwords.
What Are Passkeys and How Do They Work?
Passkeys are a form of digital authentication that do not require users to remember codes or complex combinations of letters, numbers, and symbols. Instead, passkeys use cryptography and are unique to each website or app a user accesses. They work alongside device-level technology such as Face ID and Touch ID on iPhones or Face Unlock on Google Pixel phones.
When logging in, the device generates a secure key pair: one key remains on the device, and the other is stored by the service being accessed. This process uses public key cryptography, meaning only a confirmation that the user has completed the authentication check is exchanged—not the actual biometric or PIN data.
Benefits and Considerations of Passkeys
- Increased Security: Passkeys are resistant to phishing attacks and cannot be intercepted or stolen by remote attackers, as only the key holder can access their accounts.
- Unique to Each Site: Unlike passwords, passkeys are unique for every website or app, reducing the risk associated with password reuse.
- User-Friendly: Passkeys eliminate the need to remember passwords, easing the burden on users.
Jonathan Ellison, director for national resilience at the NCSC, described passkeys as “a user-friendly alternative which provide stronger overall resilience” and noted they could help solve the long-standing issues related to remembering passwords.
However, experts caution that passkeys are “not a silver bullet.” Challenges include potential difficulties if a user loses access to their device, as passkeys are tied to specific hardware. Additionally, adoption has been slow, and many platforms still do not support passkeys as a login option.
Growing Adoption and Future Outlook
Major technology companies such as Apple, Google, and X have already integrated passkey support. The Fido Alliance reports that passkeys are now supported across all major operating systems, internet browsers, and by third-party providers.
Niall McConachie, regional director at cybersecurity firm Yubico, highlighted that the UK Government’s adoption of passkeys across digital services last year signals that this technology is becoming mainstream rather than a niche trend.
Daniel Card of BCS, the Chartered Institute for IT, emphasized that moving from passwords to password managers, multi-factor authentication, and now passkeys represents a significant step forward in reducing cybersecurity risks. This progression explains why organizations like the NCSC are backing passkeys and why many security professionals are adopting them wherever possible.