What are passkeys?
- Passkeys are unique digital credentials tied to a user’s personal device.
- They offer a way to authenticate identity without the need for traditional passwords or one-time text codes.
- Passkeys never leave the device and so cannot be reused across websites, making them resistant to phishing and other common attacks.
Benefits of passkeys
- Strengthening cyber resilience
- Cutting login times and costs
- Boosting digital service access
- Providing a phishing-proof authentication method
Why the UK is adopting passkeys
The UK government has joined the FIDO Alliance, an international group working on standards for passwordless login. This move aims to shape the future of secure authentication and ensure that the UK is at the forefront of this technology.
| Key Benefits | Key Features |
|---|---|
| Strengthening national cyber resilience | Passkeys are secure against common cyber threats such as phishing and credential stuffing. |
| Reducing login times and costs | Passkeys can be generated quickly and securely, reducing the need for SMS-based verification. |
| Boosting digital service access | Passkeys make it easier and faster for citizens to access essential services. |
Quotes from the experts
“The NCSC has a stated objective for the UK to move beyond passwords in favor of passkeys, as they are secure against common cyber threats such as phishing and credential stuffing.”
— Ollie Whitehouse, NCSC Chief Technical Officer
“Replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services.”
— Feryal Clark, AI and Digital Government Minister
“The UK government’s adoption of passkeys across its digital services reflects a profound decision that stands to protect UK citizens while providing the government with greater security and operational efficiency.”
— Andrew Shikiar, Executive Director and CEO of the FIDO Alliance
Challenges and solutions
The NCSC is actively working with vendors and international bodies to address the issues with passkeys, such as recovery options, device syncing, and inconsistent platform support.
- Recovery options
- Device syncing
- Inconsistent platform support
- Passkey
- A unique digital credential tied to a user’s personal device.
- FIDO Alliance
- An international group working on standards for passwordless login.
- Phishing-proof
- A method of authentication that is resistant to phishing and other common attacks.
- Cyber resilience
- The ability of an organization to withstand and recover from cyber attacks.
Conclusion
The UK government’s decision to adopt passkeys across its digital services reflects a profound commitment to strengthening national cyber resilience and providing citizens with greater security and operational efficiency. As the technology continues to evolve, it is essential that the government addresses the challenges associated with passkeys and accelerates adoption. With its leadership in this area, the UK is poised to shape the future of secure authentication and ensure that its citizens are protected from the ever-evolving threat landscape.
