:

UK CYBER AGENCY DITCHES PASSWORDS FOR PASSKEYS

INDUSTRY DESK2 MIN READ
SAT, APR 25, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

The UK's National Cyber Security Centre has officially moved away from recommending passwords, endorsing passkeys as the more secure login method for digital services. Passkeys offer stronger protection against phishing and data breaches.

The National Cyber Security Centre (NCSC) announced it will no longer recommend passwords where passkeys are available, marking a significant shift in digital security guidance. What are passkeys? Passkeys are login credentials stored directly on users' devices—smartphones, tablets, or computers. Rather than typing a password, users authenticate through biometric data like fingerprints or face recognition, or device PIN codes. How they work When logging into an app or website, passkeys use cryptographic technology to verify identity without transmitting sensitive information across networks. The system stores a unique key on the user's device and keeps a corresponding public key with the service provider. Authentication happens locally on the device, not through a centralized server. Security advantages Passkeys eliminate several vulnerabilities that plague traditional passwords. They are resistant to phishing attacks because they cannot be tricked into authenticating on fake websites. Users cannot be socially engineered into revealing them, as there is no shared secret to compromise. Passkeys also provide protection against large-scale data breaches. Even if a service provider's database is compromised, attackers cannot use stolen credentials to access accounts elsewhere, since each passkey is unique to its service. Industry adoption Major technology companies have already begun supporting passkeys. Google, Apple, and Microsoft now allow users to create and manage passkeys across their platforms. Financial institutions and major websites are gradually integrating passkey support as an authentication option. The transition The NCSC's guidance positions passkeys as consumers' first choice for login across all digital services. The agency cited modern cyber threats as the primary reason for moving beyond password-based security. While complete password replacement will take time due to infrastructure requirements, the NCSC's endorsement accelerates industry momentum toward phishing-resistant, breach-resistant authentication methods.

■ SOURCES

The Guardian — Technology

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against American organizations. The action targets infrastructure providers facilitating cyber threats.

3H AGOSecurity Desk

As scam calls and messages proliferate, ordinary people are turning the tables on fraudsters through scambaiting—deliberately engaging scammers to waste their time and resources.

5H AGOIndustry Desk

Security researchers have identified a defensive technique called "context bombing" that uses prompt injections to trigger an attacker's own AI guardrails, reducing the success rate of AI-based hacking attempts by approximately 90%.

5H AGOAI Desk

The Los Angeles Police Department has declined to renew its contract with Flock Safety, citing data privacy concerns. The decision marks a shift in the department's approach to automated license plate reader technology.

11H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.