- The UK’s National Cyber Security Center has officially endorsed passkeys as a superior alternative to traditional passwords.
- Access keys use device-stored cryptographic keys, often unlocked with biometrics, and are considered more secure than even strong two-step verification passwords.
- With major platforms already adopting the technology, NCSC says industry advances now allow access keys to be wholeheartedly recommended for everyday use.
The UK government’s cyber security watchdog has finally endorsed passkeys, saying they were a better means of protection than the trusty old password.
The National Cyber Security Center (NCSC), part of Government Communications Headquarters (GCHQ) and the UK’s main cyber security authority, published a new press release on its website earlier this week.
In it, the agency said that “passwords must now be consumers’ first choice of login across all digital services” and that it can no longer recommend passwords when a superior option is available.
The article continues below
Britain leads the way
A passkey is a passwordless login method that uses cryptographic keys stored on the device (often unlocked with biometrics) to securely authenticate the user without the need for a traditional password.
In a new technical report published at the same time as the announcement, the NCSC said access keys were “at least as secure as, and generally more secure than, pairing the strongest password with two-step verification”.
The announcement also said that UK citizens were already quite aware of the advantages that access keys have over the traditional password. It claims that more than 50% of active users of Google services in the UK have an access key registered. Other major brands, such as eBay and Paypal, have also recently introduced the new authentication method.
Today, access keys are a four-year-old technology that has been introduced back in 2022. However, the NCSC couldn’t support it earlier due to what it says are “key implementation challenges.”
However, the industry has progressed over the past 12 months, meaning that access keys can now be highly recommended.
“Adopting access keys where you can is a strong step towards a more secure, simpler login experience, and I’m pleased we can now support uptake,” commented Jonathon Ellison, Director of National Resilience, NCSC.
“The headache that remembering passwords has caused us for decades no longer needs to be a part of login where users migrate to passkeys – they are an easy-to-use alternative that provides stronger overall resilience.”
The best password manager for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
