Passkeys: Ushering in a New Era of Secure, Password-Free Authentication
Passkeys are transforming online security by replacing traditional passwords with a more robust, phishing-resistant authentication method. These cryptographic credentials are tied to a user’s account and use public-key cryptography to safeguard access.
Unlike passwords that can be guessed, stolen, or phished, passkeys rely on a private key securely stored on the user’s device and a corresponding public key held by the service provider. Authentication is typically completed using biometrics, such as fingerprints or facial recognition, eliminating the need to remember or enter complex passwords.
This secure system is made possible through the WebAuthn API, an extension of the Credential Management API, which facilitates the creation and verification of public key credentials. When a user registers a new passkey, the browser interacts with an authenticator to generate and store the necessary cryptographic credentials.
Why Passkeys Are Superior to Passwords:
- Phishing-proof: Passkeys only work on the original website or app where they were registered, preventing fraudulent use.
- Faster logins: Passkeys can reduce login time by nearly a minute compared to traditional password and SMS-based methods.
- Lower costs: Removing SMS authentication cuts down operational expenses, particularly for public services.
- No resets needed: Passkeys can’t be forgotten or mistyped, removing the need for password recovery processes.
UK Government’s Shift Toward Passkeys
AI and Digital Government Minister Feryal Clark highlighted the benefits of the move: “This shift will not only save users valuable time when interacting with the government online, but it will reduce fraud and phishing risks that damage our economic growth.”
The National Health Service (NHS) has been an early adopter, offering passkey authentication and sharing its experience at CYBERUK 2025. Building on this momentum, the National Cyber Security Centre (NCSC) announced upcoming passkey support for its myNCSC platform, expected to launch later this year.
To support this transformation, the UK government has joined the FIDO Alliance, an international group advancing passwordless authentication standards. NCSC CTO Ollie Whitehouse encouraged all UK organizations to embrace passkeys, citing improved security, user experience, and reduced costs. “We strongly advise all organizations to implement passkeys wherever possible,” he said.
Unveiled at the CYBERUK 2025 conference in Manchester, this initiative will phase out SMS-based two-factor authentication for government services by the end of 2025. Key services on GOV.UK including benefits, tax credits, and childcare support that will transition to passkey authentication, positioning the UK as a global pioneer in secure, password-free digital access.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
