UK CYBER AGENCY DITCHES PASSWORDS FOR PASSKEYS
INDUSTRY DESK■ 2 MIN READ
SAT, APR 25, 2026■ AI-SUMMARIZED FROM 1 SOURCE BELOW
The UK's National Cyber Security Centre has officially moved away from recommending passwords, endorsing passkeys as the more secure login method for digital services. Passkeys offer stronger protection against phishing and data breaches.
The National Cyber Security Centre (NCSC) announced it will no longer recommend passwords where passkeys are available, marking a significant shift in digital security guidance.
What are passkeys?
Passkeys are login credentials stored directly on users' devices—smartphones, tablets, or computers. Rather than typing a password, users authenticate through biometric data like fingerprints or face recognition, or device PIN codes.
How they work
When logging into an app or website, passkeys use cryptographic technology to verify identity without transmitting sensitive information across networks. The system stores a unique key on the user's device and keeps a corresponding public key with the service provider. Authentication happens locally on the device, not through a centralized server.
Security advantages
Passkeys eliminate several vulnerabilities that plague traditional passwords. They are resistant to phishing attacks because they cannot be tricked into authenticating on fake websites. Users cannot be socially engineered into revealing them, as there is no shared secret to compromise.
Passkeys also provide protection against large-scale data breaches. Even if a service provider's database is compromised, attackers cannot use stolen credentials to access accounts elsewhere, since each passkey is unique to its service.
Industry adoption
Major technology companies have already begun supporting passkeys. Google, Apple, and Microsoft now allow users to create and manage passkeys across their platforms. Financial institutions and major websites are gradually integrating passkey support as an authentication option.
The transition
The NCSC's guidance positions passkeys as consumers' first choice for login across all digital services. The agency cited modern cyber threats as the primary reason for moving beyond password-based security.
While complete password replacement will take time due to infrastructure requirements, the NCSC's endorsement accelerates industry momentum toward phishing-resistant, breach-resistant authentication methods.
■ MORE FROM THE SECURITY DESK
The Department of Justice has intervened in xAI's lawsuit challenging Colorado's new AI regulation law. The state law requires developers of high-risk AI systems to disclose and mitigate algorithmic discrimination risks.
JUST NOW— AI Desk
A group of Discord users gained unauthorized access to Anthropic's internal project documentation known as Mythos. The breach exposed sensitive information about the AI safety company's internal operations and research.
JUST NOW— AI Desk
The U.S. State Department has ordered diplomats worldwide to highlight what it characterizes as systematic intellectual property theft targeting American AI laboratories by Chinese companies.
11H AGO— AI Desk
Home security firm ADT has confirmed a data breach following threats from the ShinyHunters extortion group to leak stolen customer data. The group demanded ransom in exchange for not releasing the information.
11H AGO— Security Desk