UK Leads Global Shift Away from Passwords
The UK government is planning a major step in online security: replacing traditional passwords and text message codes with Passkeys across its digital GOV.UK services by the end of the year. This was announced at the CYBERUK conference by the National Cyber Security Centre (NCSC), marking the UK as a global leader in adopting safer and more modern login methods.
What Are Passkeys and Why Are They Safer?
Passkeys are secure digital credentials stored on your phone or computer. When you log into a website or app, the device uses the passkey to confirm who you are so no need for passwords or SMS codes. Because the passkey never leaves your device, it’s almost impossible for hackers to steal it unless they have your physical device.
This new login method is not only safer but also faster. Logging in with a passkey takes around 8 seconds, while traditional password and SMS methods can take nearly 70 seconds. The government also expects to save millions of pounds by avoiding SMS-related costs.
Why Passwords Are Failing
Most cyberattacks happen because of stolen or weak passwords. Many people reuse the same password or fall for phishing scams. Even though using two-step verification helps, not everyone uses it, and some methods are still vulnerable. That’s why the NCSC is moving toward a password-free future.
While passkeys offer better security and user experience, some issues remain:
- Different Systems: Some passkeys are tied to one device, others are synced across devices. This confuses both websites and users.
- Lost Devices: People worry about what happens if they lose the device with their passkeys.
- Hard to Move: Moving passkeys between platforms or accounts isn’t easy yet.
- Account Recovery Risks: Hackers might target recovery steps like email or phone support.
- Inconsistent Language: Different platforms use different terms for the same thing, confusing users.
- Not for Everyone: Shared or public devices don’t work well with passkeys, and not everyone can use biometrics.
What About Websites and Apps And What’s the UK Government Doing About It?
Websites offering passkey login face their own difficulties. Some may require multiple passkeys if they use different domains. Also, there’s still debate about whether passkeys count as proper two-factor authentication, especially for sensitive accounts like banks. The NCSC is working with global groups like FIDO and major tech companies to solve these problems. They’re also encouraging UK businesses to start offering passkeys and testing the technology in services like GOV.UK One Login. Their goal is to make passkeys the standard way to log in once all the kinks are worked out.
According to NCSC
