The age-old problem of passwords has long plagued our online lives, but it seems a new kid on the block could be about to shake things up. Passkeys, touted by the UK's National Cyber Security Centre (NCSC) as a significant step forward in digital security, are gaining traction – and sparking debate among users and experts alike.
A core advantage of passkeys lies in their underlying technology, which cleverly sidesteps the weakness inherent in passwords: the 'shared secret'. When a user logs in with a password, the password must be transmitted to the website for verification, creating a potential vulnerability if the website's server is compromised. In contrast, a passkey initiates a complex mathematical calculation on the user's device, sending only the result to the website for verification – and crucially, the passkey itself remains on the device.
This 'unphishable' nature is a key differentiator. Unlike passwords, which can be stolen remotely through phishing attacks from anywhere in the world, a passkey's vulnerability is largely confined to physical access to the device it's stored on. Experts argue that while a stolen phone poses a risk, users are typically quick to notice such an event and can promptly revoke access to their accounts – unlike password breaches, which can go unnoticed for extended periods.
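The exchange described in the two paragraphs above, as an added example in Node.js (not code from the article or the NCSC): a simplified model of a passkey login in which the server holds only a public key and checks the signed challenge and origin. The origins, function names and message layout are assumptions made for illustration, not the real WebAuthn wire format.

```javascript
// Simplified model of a passkey login; not the real WebAuthn wire format.
const nodeCrypto = require("crypto");

// Registration: the key pair is created on the device; only the public key leaves it.
function registerPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server: a fresh random challenge for every login attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32).toString("base64url");
}

// Device: sign the challenge together with the origin the browser actually loaded.
function signAssertion(device, challenge, browserOrigin) {
  const clientData = JSON.stringify({ challenge, origin: browserOrigin });
  const signature = nodeCrypto.sign("sha256", Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: verify the signature first, then the challenge and origin it covers.
function verifyAssertion(serverRecord, expectedChallenge, expectedOrigin, assertion) {
  const sigOk = nodeCrypto.verify("sha256", Buffer.from(assertion.clientData),
    serverRecord.publicKey, assertion.signature);
  if (!sigOk) return "bad-signature";
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (challenge !== expectedChallenge) return "stale-challenge";
  if (origin !== expectedOrigin) return "wrong-origin";
  return "ok";
}

function demo() {
  const SITE = "https://bank.example";            // constructed origin
  const LOOKALIKE = "https://bank-login.example"; // constructed look-alike origin
  const { device, serverRecord } = registerPasskey();
  const c1 = newChallenge();
  const genuine = signAssertion(device, c1, SITE);
  const onLookalike = signAssertion(device, c1, LOOKALIKE);
  const rewritten = { ...onLookalike, clientData: onLookalike.clientData.replace(LOOKALIKE, SITE) };
  return {
    genuine: verifyAssertion(serverRecord, c1, SITE, genuine),
    lookalike: verifyAssertion(serverRecord, c1, SITE, onLookalike),
    replayed: verifyAssertion(serverRecord, newChallenge(), SITE, genuine),
    rewritten: verifyAssertion(serverRecord, c1, SITE, rewritten),
  };
}

console.log(demo());
```

Only the genuine assertion is accepted; a response signed on the look-alike origin, a replay against a new challenge, and a response whose origin was edited after signing are each rejected for a different reason.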
For UK businesses, the shift towards passkeys presents both opportunities and challenges. Enhanced security could reduce the financial and reputational damage caused by data breaches, which are increasingly costly. However, implementing passkey support requires investment in new infrastructure and potentially user education – and it's not just about tech firms stepping up their game: regulators such as the UK ICO, and legislation such as the EU AI Act, will likely encourage adoption of such advanced security measures.
Despite the advantages, some users remain wary, preferring their own methods of password management or worrying that the push for passkeys might be driven by software companies rather than genuine necessity. Yet cybersecurity professionals are united in their view: passkeys represent a robust evolution in digital protection, offering a significant upgrade from password-based systems.