UK National Cyber Security Centre recommends passkeys over passwords

The National Cyber Security Centre (NCSC) recommends the use of passkeys as a more secure alternative to passwords for accessing online services. The guidance supports wider adoption of passwordless authentication across digital platforms.

Passkeys are created and managed on user devices and do not need to be remembered. The NCSC noted that they are resistant to phishing, as they cannot be intercepted, reused or stolen in the same way as passwords.

The NCSC also stated that passkeys can be faster and more convenient to use. Authentication relies on existing device security methods, such as fingerprint, facial recognition or PIN, rather than separate login credentials.

Passkeys are stored and managed through credential managers, which can synchronise access across trusted devices and provide backups. The NCSC advised that where passkeys are not available, users should continue using strong passwords and enable two-step verification.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!