CONSENSUS WIRE
← Back to Tech & Science

UK Cyber Security Centre Ditches Passwords in Favor of Passkeys

Tech & ScienceAI-Generated & Algorithmically Scored·

AI-generated from multiple sources. Verify before acting on this reporting.

LONDON (AP) — The United Kingdom’s National Cyber Security Centre has officially withdrawn its recommendation for traditional passwords, declaring them obsolete in the face of modern cyber threats and urging a complete transition to passkeys as the primary method of digital authentication.

The announcement, made Thursday, marks a significant shift in cybersecurity policy for the UK. The NCSC stated that passwords are no longer secure enough to protect users against sophisticated phishing attacks and data breaches. Dave Chismon, a senior technology expert at the NCSC, emphasized that the vulnerability of text-based credentials has reached a critical point.

Passkeys, which utilize biometric verification such as fingerprints or facial recognition combined with cryptographic keys, offer a password-free alternative that is significantly harder for attackers to steal. Unlike passwords, which can be phished or found on the dark web, passkeys are tied to specific devices and require physical user presence to authorize access.

The move aligns with growing industry trends. Google has already begun integrating passkey support across its ecosystem, and cybersecurity researchers from Cybernews have highlighted the technology’s resilience. Alan Woodward, a cybersecurity professor at Surrey University, noted that the shift represents a necessary evolution in digital defense. Woodward stated that the era of the static password is effectively over, as the technology cannot withstand the scale of automated credential stuffing attacks currently plaguing the sector.

Nordpass, a password management company, has also adapted its services to support the new standard, signaling broader industry acceptance of the transition. The NCSC’s directive applies to government agencies and private sector organizations operating within the UK, urging them to implement passkey infrastructure immediately.

The transition is not without challenges. While passkeys offer superior security, widespread adoption requires significant updates to legacy systems and user education. Some organizations may face technical hurdles in migrating millions of user accounts from password-based authentication to the new standard. Additionally, the reliance on biometric data raises privacy considerations that regulators and tech companies must address.

The NCSC has not specified a deadline for the full phase-out of passwords, but the center indicated that the recommendation change is immediate. Users are advised to enable passkey support on their devices and accounts as soon as possible. The center will continue to monitor the effectiveness of the transition and may issue further guidance as the technology matures.

As the cybersecurity landscape evolves, the question remains how quickly the global community will follow the UK’s lead. Other nations and international bodies are expected to review their own authentication standards in light of the NCSC’s decision. The shift to passkeys could redefine digital security protocols worldwide, but the pace of adoption will depend on the willingness of tech giants and governments to invest in the necessary infrastructure.