The UK’s National Cyber Security Centre (NCSC) has declared that passwords are no longer sufficient for modern cybersecurity, urging consumers to switch to passkeys. The NCSC announced this week that it will no longer recommend passwords where passkeys are available, citing their vulnerability to phishing and data breaches.
A passkey is a login method stored on a user’s device, such as a smartphone or computer, that replaces traditional passwords. It works through cryptographic keys—a private key on the device and a public key on the service’s server—ensuring that only the user can authenticate. This system is resistant to phishing attacks because passkeys are tied to specific websites or apps.
Passkeys offer stronger security than passwords, which can be stolen, guessed, or reused across multiple accounts. The NCSC advises that passkeys should be the first choice for logging into all digital services, as they eliminate common password-related risks. Major tech companies like Apple, Google, and Microsoft already support passkey technology.
