The UK’s National Cyber Security Centre (NCSC) has taken a bold step. It now recommends passkeys as the default login method wherever available. “Leave passwords in the past, passkeys are the future,” proclaimed the NCSC at its CYBERUK 2026 conference in Glasgow. This marks a significant shift from decades of password‑centric security advice.
What Are Passkeys, and Why Are They Better?
Passkeys are cryptographic credentials managed by your device’s built-in credential manager, such as Apple Passwords, Google Password Manager, or Samsung Pass. Here’s why they’re reshaping digital security:
- Phishing-resistant: Passkeys can’t be intercepted or phished because they never traverse networks.
- Faster and simpler: Logging in with a passkey takes seconds—up to eight times quicker than traditional login + 2SV approaches.
- More secure: According to the NCSC, passkeys meet or exceed the strength of strong passwords combined with two-step verification.
- Resilient and synchronised: These credentials are tied to your device and backed up via secure managers, meaning you won’t lose access if you forget a password.
Where the Government Stands
The NCSC, part of GCHQ, has delivered a decisive update: passkeys should now be consumers’ first choice wherever offered. For services that don’t yet support passkeys, the fallback remains strong, unique passwords with two-step verification (2SV).
This move isn’t theoretical; it reflects real-world implementation. More than 50% of active Google users in the UK already have a passkey registered. Government services, including GOV.UK accounts are already planning or rolling out passkey support, replacing legacy SMS‑based 2FA by the end of 2025.
What This Means for Businesses and Users
- Enhanced security postures: Password-related vulnerabilities like phishing, credential stuffing, and brute-force attacks are dramatically reduced.
- Frictionless user journeys: Faster, smoother logins mean better user satisfaction and fewer support requests for “forgot password.”
- Cost savings: Fewer password resets and reduced SMS-based verification costs.
- Competitive repositioning: Staying ahead of compliance and security expectations – especially for public sector partners.
How We Can Help You Shift Securely to Passkeys
At Disking IT, we specialise in future-proofing your digital access with best-in-class authentication strategies:
- Assessment & Roadmap
We’ll review your applications, login workflows, and compliance needs to map a migration plan from passwords → passkeys. - Implementation & Integration
• Enable passkey support via WebAuthn/FIDO2 on your platforms
• Configure trusted device frameworks and credential managers
• Deploy fallback options like 2SV with strong, unique password enforcement - User Onboarding & Training
• Help staff and clients join and use passkeys on desktop/mobile devices
• Produce guides, FAQs, and support channels for smooth adoption - Ongoing Support & Monitoring
• Monitor logs and authentication trends to spot issues
• Fine-tune settings based on real-world use and feedback
• Ensure all systems and devices stay up to date
Ready to Deprecate Passwords?
The message from the UK government is clear: passwords belong in the past. Passkeys bring better security, faster access, and less frustration.
We can guide your organisation through every step—from planning and deployment to seamless adoption and ongoing support.
To begin your passwordless journey, contact Disking IT today. Let’s build a safer, smarter future together.
Book a meeting with our senior cyber analyst Ben here to learn more, or call the team today on 0333 038 9060, or you can email at hello@diskingit.co.uk.
