Passkeys - A More Secure Alternative to Passwords

The NCSC recommends using passkeys over passwords for better security. This shift aims to reduce phishing risks and enhance user protection. Passkeys are now supported by most modern devices.


Original Reporting

NCSC UK

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Basically, passkeys are a safer way to log in than traditional passwords.

What Happened

At CYBERUK 2026 in Glasgow, the National Cyber Security Centre (NCSC) announced a significant shift towards recommending passkeys as a replacement for traditional passwords. This change is based on extensive research and collaboration with various stakeholders, including technology vendors and the FIDO Alliance.

Why This Matters

Passkeys are designed to be more secure and user-friendly compared to traditional multi-factor authentication (MFA) methods. The NCSC's analysis concluded that traditional MFA methods, such as SMS codes and email verifications, are inherently vulnerable to phishing attacks. In contrast, FIDO2 credentials, which include passkeys, offer enhanced protection against common credential attacks.

How Passkeys Work

Passkeys function by using cryptographic keys that are securely stored on devices. When logging in, these keys are used in conjunction with user verification methods, effectively creating a multi-factor authentication system without the vulnerabilities associated with traditional methods. This means that even if an attacker intercepts a login attempt, they cannot easily reuse or relay the credentials.

Addressing Concerns

Several concerns about passkeys have been raised, including:

  • Synchronization: Passkeys can sync across devices using cloud services, similar to how password managers operate. What matters is keeping the sync account itself secure.
  • Multi-Factor Authentication: Passkeys qualify as multi-factor authentication when user verification is required, combining something the user has with something they know or are.
  • Effectiveness of Traditional MFA: While traditional MFA can be effective, it remains vulnerable to phishing attacks, which passkeys are designed to eliminate.

Getting the Most Benefit

For passkeys to be effective, users must implement them sensibly. This includes ensuring the security of devices and credential managers, as well as having clear recovery options. The NCSC emphasizes that even under realistic conditions, passkeys provide stronger protection than traditional MFA methods.

Conclusion

The NCSC strongly recommends that individuals and organizations adopt passkeys wherever possible. This shift towards phishing-resistant authentication represents a significant opportunity to enhance security and reduce the risk of cyber compromises. As technology matures and standards become established, the transition to passkeys is not just beneficial but essential for improving online security.

🔒 Pro Insight

The NCSC's endorsement of passkeys marks a pivotal shift in authentication strategies, emphasizing the need for robust, phishing-resistant solutions.
