It is recommended that consumers switch from using passwords to passkeys as a more secure and user-friendly method for accessing online services. The National Cyber Security Centre (NCSC), a part of GCHQ, no longer suggests using passwords when passkeys are available as an alternative.
Passkeys, securely stored on devices or in credential managers, are easier and quicker to use than passwords and offer enhanced security. A recent technical study found that passkeys are at least as secure, if not more secure, than a password combined with two-factor authentication like SMS codes.
Resilience against phishing
Switching to passkeys can strengthen the UK’s defense against phishing attacks and other cyber threats, which often involve stealing login credentials. The UK government has announced plans to implement passkey technology for digital services, reducing reliance on SMS verification systems.
The NHS has already adopted passkeys, providing patients with secure access to healthcare websites. Major online service providers like Google, eBay, and PayPal also support passkeys, with Google reporting high adoption rates among UK users.
Better security than 2FA
Passkeys offer superior security compared to traditional passwords and SMS two-factor authentication (2FA), which are vulnerable to hacking. Users can securely log in using their devices for verification, reducing the risk of SIM swapping attacks that target SMS authentication.
The NCSC previously hesitated to endorse passkeys due to implementation challenges, but recent progress has made the technology viable, including cross-platform compatibility between Android and Apple devices.
Passkeys not yet recommended for business
While passkeys are recommended for public use, businesses are advised to wait as implementation may take longer. Many organizations still rely on outdated systems that do not support passkeys or 2FA. In the meantime, consumers should create strong passwords and enable two-factor authentication where available.
The transition away from passwords will be gradual, with big banks expected to adopt passkey technology over the next few years. Jonathon Ellison, director at NCSC, believes that passkeys will enhance the UK’s cybersecurity resilience by providing a user-friendly and secure alternative to passwords.
