For decades, passwords have been the standard method for securing digital accounts. However, the UK’s Government intelligence agency, GCHQ, has issued a warning stating that passwords are no longer sufficient to protect personal information online due to increasing vulnerability to hackers.

NCSC Recommends Passkeys

The National Cyber Security Centre (NCSC), a branch of GCHQ, recommends replacing passwords with ‘passkeys’ immediately. Passkeys represent a new login method designed to eliminate the need for traditional passwords.

How Passkeys Work

A passkey combines a short PIN code (or biometric identification like a fingerprint or facial recognition) with a specific device, such as a phone or computer. When logging in, your device verifies your identity with the website, granting access only if both the PIN/biometric and the device are confirmed. This dual-factor authentication makes passkeys significantly more secure.

You’ve likely already used passkey technology when unlocking your phone with a PIN or facial recognition. The goal is to eventually replace passwords entirely.

Enhanced Security Features

The key advantage of passkeys is their resistance to common cyberattacks. Unlike passwords, which can be stolen through phishing scams, hacking, or reused across multiple sites, passkeys require physical access to your device.

Robert Pritchard notes that password reuse is a major vulnerability, allowing hackers to compromise multiple accounts with a single stolen password. Colin Tankard emphasizes that passkeys protect against ‘man-in-the-middle’ attacks, which are common on public Wi-Fi networks.

Security features also protect against theft; biometric data is inaccessible to thieves, and PIN codes are difficult to crack. While a stolen phone is a concern, built-in security measures mitigate the risk, ensuring accounts remain protected.

The transition to passkeys represents a crucial step towards a more secure digital future, moving away from the outdated and increasingly vulnerable system of passwords.