NCSC also joins FIDO Alliance in secure authentication push.
UK government is to roll out passkey technology for its digital services later this year.
As an alternative to the current SMS-based verification system, it claims this will offer a more secure and cost-effective solution.
The NCSC considers passkey adoption as vital for transforming cyber resilience at a national scale, and the UK is already leading internationally with the NHS becoming one of the first government organisations in the world to offer passkeys to users.
Feryal Clark, AI and Digital Government Minister, said: “The rollout of passkeys across GOV.UK services marks another major step forward in strengthening the UK’s digital defences while improving the user experience for millions.
“Replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services — without needing to remember complex passwords or wait for text messages.
“This shift will not only save users valuable time when interacting with government online, but it will reduce fraud and phishing risks that damage our economic growth.”
Ollie Whitehouse, CTO at the NCSC, said the agency has a stated objective for the UK to move beyond passwords in favour of passkeys, “as they are secure against common cyber threats such as phishing and credential stuffing.”
He said: “By adopting passkey technology, government is not only leading by example by strengthening the security of its services but also making it easier and faster for citizens to access them.”
Digital Keys
Passkeys are unique digital keys that are tied to specific devices, such as a phone or a laptop, and help users log in safely without needing an additional text message or other code.
When a user logs in to a website or app, their device uses this digital key to prove the user’s identity without needing to send a code to a secondary device or to receive user input.
The key remains stored on the device, and cannot be easily intercepted or stolen. The government notice claims this makes them phishing-resistant by design.
Adoption
As part of the passkey adoption, the NCSC has also announced that it has joined the FIDO Alliance, with its executive director and CEO Andrew Shikiar saying this adoption “reflects a profound decision that stands to protect UK citizens’ while providing the government with greater security and operational efficiency.”
He said: “We’re also very pleased that the NCSC has joined the FIDO Alliance, which allows agencies across the UK government to collaborate with other thought leaders in the Alliance to advance the development and deployment of foundational technologies that will strengthen our collective cyber resilience.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
