The Government has announced plans to replace passwords as the way to access Gov.UK, its digital services platform for the public.
In contrast to using a password and then an additional text message or code sent to a user’s trusted device – known as two-factor authentication – passkeys are unique digital keys tied to a specific device that proves the user’s identity when they log in without requiring them to input any further codes.
The National Cyber Security Centre (NCSC) said this approach is more secure because the digital key remains stored on the user’s device and cannot be easily intercepted or stolen, making them resistant to being compromised through phishing and scam emails or texts, unlike passwords, which can be more easily shared.
The NCSC said it considers the adoption of passkeys as a vital step in improving cyber resilience on a national scale, in particular in the wake of high-profile cyber attacks against major retailers, including Marks and Spencer and Co-op.
The NCSC’s chief technical officer, Ollie Whitehouse, said: “The NCSC has a stated objective for the UK to move beyond passwords in favour of passkeys, as they are secure against common cyber threats such as phishing and credential stuffing.
“By adopting passkey technology, Government is not only leading by example by strengthening the security of its services but also making it easier and faster for citizens to access them.
“We strongly advise all organisations to implement passkeys wherever possible to enhance security, provide users with faster, frictionless logins and to save significant costs on SMS authentication.”
AI and Digital minister Feryal Clark said: “The rollout of passkeys across GOV.UK services marks another major step forward in strengthening the UK’s digital defences while improving the user experience for millions.
“Replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services — without needing to remember complex passwords or wait for text messages.
“This shift will not only save users valuable time when interacting with government online, but it will reduce fraud and phishing risks that damage our economic growth.”
The announcement came on the first day of the CyberUK conference in Manchester, where NCSC chief executive Richard Horne warned that the number of “nationally significant” cyber attacks in the last eight months has doubled on the same period a year ago.
Mr Horne said the agency had dealt with 200 incidents since September 2024, including twice as many causing widespread disruption as the same period last year.
Also at the conference, Chancellor of the Duchy of Lancaster Pat McFadden said the cyber attacks in recent weeks should be a “wake-up call” for British businesses as he announced a £16 million package to boost defence at home and abroad.
