© 2025 CoolTechZone - Latest tech news,
product reviews, and analyses.

NCSC calls Passkeys ‘not perfect’, but they are getting better


Due to various obstacles, Passkeys aren’t yet suited for widespread adoption. However, they are the future of authentication and the current challenges are being resolved.

Passkeys are a relatively new security method for logging into applications and websites. Passkeys are based on the security standard WebAuthn, which stands for Web Authentication. This allows providers of social media, payment services or other online services to build strong authentication into their services by using customers’ registered devices, such as a smartphone or laptop.

Passkeys are based on the principles of asymmetric cryptography, meaning there’s a public key and a private key. The private key remains on the user’s device, while the corresponding public key is stored by the service provider of a website or app.

When logging into a site or app, you are prompted to use your device to send a login request. A signature of your private key is being sent to the service provider. By using the public key, the provider verifies your identity. If both keys belong together, you’re given access to your account.

According to the United Kingdom’s National Cyber Security Centre (NCSC), Passkeys are easier and safer to use than passwords. A password can be weak or leaked by hackers, a Passkey can’t. Also, you don't have to worry about maintaining or updating your passwords.

In addition, Passkeys are immune to phishing because they don’t work on spoofed websites. Lastly, it is virtually impossible to hack a Passkey.

More and more service providers are offering Passkeys as a way to secure your account. And although that’s a good thing, several issues are currently preventing widespread Passkey adoption, including inconsistent support and experiences, device loss scenarios, migration issues, platform differences, and account recovery processes.

To resolve these obstacles, the NCSC is working with the FIDO Alliance and vendors. Furthermore, organizations are encouraged to make Passkeys available as an option for users, and offer them as default for their customers in the near future. Lastly, the UK government is exploring the option to use Passkeys to access central government services with one login.

“The NCSC believes Passkeys are the future of online authentication – for a business authenticating its customers, or a government service authenticating its citizens – and we’re working to make this a reality as soon as possible. But achieving this vision needs an intensified effort from all parties and greater collaboration to cohere the vision and prevent it fragmenting to the extent that users disengage,” the NCSC says in a blog post.


Leave a Reply

Your email address will not be published. Required fields are marked