- The UK’s National Cyber Security Centre has officially endorsed passkeys as a superior alternative to traditional passwords.
- Passkeys use device‑stored cryptographic keys, often unlocked with biometrics, and are considered more secure than even strong passwords with two‑step verification.
- With major platforms already adopting the technology, the NCSC says industry progress now allows passkeys to be recommended wholeheartedly for everyday use.
The UK government’s cybersecurity outlet has finally endorsed passkeys and said they were a better means of protection than the trusty old password.
The National Cyber Security Centre (NCSC), part of the Government Communications Headquarters (GCHQ) and the United Kingdom’s main authority for cybersecurity, published a new press release on its website, earlier this week.
In it, the agency said “passkeys should now be consumers’ first choice of login across all digital services”, and that it can no longer recommend passwords when a superior option is available.
Article continues below
You may like
UK leading the way
A passkey is a passwordless login method that uses cryptographic keys stored on the device (often unlocked with biometrics) to securely authenticate the user without needing a traditional password.
In a new technical report, published simultaneously with the announcement, NCSC said that passkeys were “at least as secure as, and generally more secure than, pairing the strongest password with two-step verification”.
The announcement also said that UK citizens were already quite aware of the advantages passkeys have over the traditional password. It claims that more than 50% of active Google services users in the UK have a passkey registered. Other major brands, such as eBay and Paypal, have also recently introduced the new authentication method.
Today, Passkeys are a four-year-old technology, having been introduced back in 2022. However, the NCSC could not support it earlier because of, as it says, “key implementation challenges.”
However, the industry has made strides over the last 12 months, meaning passkeys can now be wholeheartedly recommended.
“Adopting passkeys wherever you can is a strong step towards a safer, simpler login experience and I am pleased that we can now support uptake,” commented Jonathon Ellison, Director for National Resilience, NCSC.
“The headaches that remembering passwords have caused us for decades no longer need to be a part of logging in where users migrate to passkeys – they are a user-friendly alternative which provide stronger overall resilience.”
The best password manager for all budgets
Our top picks, based on real-world testing and comparisons
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
