The UK government plans to implement passkey technology across its digital services later this year. This marks a move away from traditional password and SMS-based verification methods. The transition, announced at CYBERUK, aims to enhance security while improving the user experience for citizens accessing GOV.UK services. By shifting to passkeys, the government hopes to streamline authentication and reduce costs associated with SMS verification.
Passkeys will replace SMS codes by linking unique digital credentials to devices like smartphones and laptops. When users log in, their device uses this digital key to authenticate their identity, removing the need for additional verification steps. Passkeys rely on public-key cryptography, keeping credentials securely stored on users’ devices rather than potentially vulnerable servers. This technology offers enhanced protection against credential theft and phishing attacks.
The initiative promises significant benefits in terms of both security and cost savings.
Passkeys are considered phishing-resistant by design, and successful attacks would require physical access to users’ devices. In addition, users will save time by eliminating the need to enter passwords and SMS codes. The UK government also expects to save millions annually by replacing SMS verification systems with passkeys, reducing fraud-related losses in the process.
As part of this push, the National Cyber Security Centre (NCSC) has joined the FIDO Alliance, an industry consortium promoting open authentication standards.
The collaboration strengthens the UK’s position in shaping global passkey standards. NCSC’s recommendation for organizations to adopt passkeys aligns with their mission to improve cybersecurity across both public and private sectors. The UK government, supported by FIDO, aims to accelerate the development and deployment of more secure and efficient authentication technologies.
Reference:
