Passkeys to replace Passwords in UK government sector for better cybersecurity

In today’s digital age, passwords are becoming increasingly unreliable. Cybercriminals are now using advanced AI-powered tools to quickly guess passwords, making it easier for them to breach accounts. To counter this growing threat, the UK government has decided to phase out traditional passwords in favor of a more secure and user-friendly solution: Passkeys. These new digital credentials are expected to offer enhanced security, ease of use, and greater convenience, at least for now.

How Do Passkeys Work?

The underlying technology behind passkeys is rooted in cryptography. Essentially, when you create an online account, two keys are generated: a public key and a private key. These keys are provided by the online service you’re using.

The public key is securely stored on the service provider’s server.

The private key, on the other hand, remains on your device, such as your smartphone, tablet, or computer.

When you attempt to log into your account, your device uses the private key combined with a PIN or biometric scan (such as a fingerprint or facial recognition) to authenticate your identity. This process ensures that only you can access your account, without needing to remember or type in a password.

The Benefits of Passkeys

One of the key advantages of passkeys is their resilience against phishing attacks. Since there’s no traditional password to steal or phish, malicious actors are unable to easily compromise accounts. Passkeys also offer a higher level of security by integrating multi-factor authentication (MFA)—this could involve a PIN or a biometric scan, adding an extra layer of protection.

Additionally, passkeys eliminate the need for users to memorize complex passwords or store them in insecure places. They also offer the convenience of being usable across multiple devices, making account access faster and more seamless. According to the FIDO Alliance, the group behind the development of passkeys, these credentials are designed to be simple yet powerful, transforming the way we think about digital security.

How Are Passkeys Different from Traditional Passwords?

Traditional passwords are typically a combination of letters, numbers, and special characters—something that can often be guessed or cracked using brute force or AI algorithms. Even the most complex passwords are vulnerable to hacking attempts.

Passkeys, however, work differently. They involve cryptographic keys that are stored on your device and are not human-readable, making them much harder to guess or copy. Since they can’t be easily shared or transferred like a password, passkeys provide a level of security that traditional passwords can’t match.

The NHS Embraces Passkey Authentication

In line with the UK government’s push for stronger online security, the National Health Service (NHS)—the organization responsible for providing healthcare services to the British public—has decided to roll out passkey-based authentication for secure sign-ins. With this system, healthcare professionals and patients alike will be able to access their medical records and services in a more secure, streamlined manner.

Experts also predict that the shift to passkey authentication will significantly reduce the time it takes users to log into their accounts. Studies by IT researchers have shown that using passkeys could save users up to a minute per login compared to traditional passwords. This time-saving factor, along with the heightened security, makes passkeys a win-win for both individuals and organizations.

The UK’s Push Toward a Password-Free Future

The National Cyber Security Centre (NCSC), the UK’s cybersecurity watchdog, has stated that passkeys will be the future of online authentication. They aim to phase out outdated methods like SMS-based and email-based authentication, which are more prone to interception and exploitation by hackers.

As part of this initiative, passkeys are expected to be fully implemented across the UK’s public sector by the end of this year. This move is seen as a major step in strengthening the country’s digital security infrastructure and reducing vulnerabilities that cybercriminals can exploit.

A Growing Threat from Global Adversaries

The UK’s efforts to enhance cybersecurity come at a time of heightened concern over cyber threats from global adversaries, such as Russia, Iran, North Korea, and China. These nations have a history of launching cyberattacks against the UK, whether for political motives, economic espionage, or simply to cause disruption.

In recent months, high-profile incidents have placed the UK at the forefront of cybersecurity concerns. Notably, major UK-based retailers like Harrods, Marks & Spencer, and the Cooperative Group have suffered significant financial and reputational damage from cyberattacks.

On a related note, a Russian hacking group known as NoName057(16) recently claimed responsibility for hacking into multiple UK council and healthcare websites. While the group asserts that its attack was aimed at disrupting services or gathering intelligence, cybersecurity experts have expressed skepticism, suggesting that the claim may be exaggerated or that the impact was minimal.

The Path Forward

As the UK continues to face mounting cyber threats, the shift to passkeys represents a critical step forward in securing online identities and protecting sensitive data. With the backing of security experts, government agencies, and major institutions like the NHS, passkeys are expected to become the new standard for authentication in the digital world.

While no system is ever completely immune to cyberattacks, passkeys offer a more secure, user-friendly alternative to the age-old practice of relying on passwords. For the time being, this technology looks set to transform online security, making it harder for hackers to exploit traditional password weaknesses.