UK security agency officially declares passkeys superior to passwords – passkeys should be the 'first choice' for authentication

News
By published

Passkeys have come a long way in just four years

Passkeys
(Image credit: Shutterstock)
  • The UK’s National Cyber Security Centre has officially endorsed passkeys as a superior alternative to traditional passwords.
  • Passkeys use device‑stored cryptographic keys, often unlocked with biometrics, and are considered more secure than even strong passwords with two‑step verification.
  • With major platforms already adopting the technology, the NCSC says industry progress now allows passkeys to be recommended wholeheartedly for everyday use.

The UK government’s cybersecurity outlet has finally endorsed passkeys and said they were a better means of protection than the trusty old password.

The National Cyber Security Centre (NCSC), part of the Government Communications Headquarters (GCHQ) and the United Kingdom’s main authority for cybersecurity, published a new press release on its website, earlier this week.

In it, the agency said “passkeys should now be consumers’ first choice of login across all digital services”, and that it can no longer recommend passwords when a superior option is available.

Article continues below

UK leading the way

A passkey is a passwordless login method that uses cryptographic keys stored on the device (often unlocked with biometrics) to securely authenticate the user without needing a traditional password.

In a new technical report, published simultaneously with the announcement, NCSC said that passkeys were “at least as secure as, and generally more secure than, pairing the strongest password with two-step verification”.

The announcement also said that UK citizens were already quite aware of the advantages passkeys have over the traditional password. It claims that more than 50% of active Google services users in the UK have a passkey registered. Other major brands, such as eBay and Paypal, have also recently introduced the new authentication method.

Today, Passkeys are a four-year-old technology, having been introduced back in 2022. However, the NCSC could not support it earlier because of, as it says, “key implementation challenges.”

However, the industry has made strides over the last 12 months, meaning passkeys can now be wholeheartedly recommended.

“Adopting passkeys wherever you can is a strong step towards a safer, simpler login experience and I am pleased that we can now support uptake,” commented Jonathon Ellison, Director for National Resilience, NCSC.

“The headaches that remembering passwords have caused us for decades no longer need to be a part of logging in where users migrate to passkeys – they are a user-friendly alternative which provide stronger overall resilience.”

Best password manager header
The best password manager for all budgets

➡️ Read our full guide to the best password manager
1. Best overall:
NordPass
2. Best for mobile:
RoboForm
3. Best for syncing and sharing:
Keeper

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.