In today's digital landscape, the security of personal and corporate data relies entirely on the strength of our authentication methods. However, as cyber threats grow increasingly sophisticated, the National Cyber Security Centre (NCSC) has issued a clear and definitive directive: it is time to leave passwords in the past; passkeys are the future.

In an overhaul of decades of security advice, the NCSC’s announcement highlights that traditional passwords are fundamentally flawed and increasingly vulnerable to compromise. In contrast to this, passkeys offer a far more secure and user-friendly alternative. With threat actors using advanced social engineering and AI-driven tactics to bypass legacy security defences, the NCSC's guidance urges organisations and consumers alike to modernise their approach to data protection.

Niall McConachie, regional director (UK & Ireland) at Yubico, discusses the NCSC's guidance and why the shift to passkeys is essential for effective security:

“In response to the challenging AI-powered threat landscape, a global transition is underway – users are moving away from passwords towards stronger, more resilient technologies. The clear successor is the passkey, which is rapidly emerging as the new standard for secure authentication.

“This isn't just a niche trend. Last year, the UK Government announced its own plans to embrace passkeys for its digital services, citing them as the recommended method for enhanced security. The move is expected to not only offer users a more secure authentication option but also save millions of pounds annually, demonstrating a clear return on investment.

“It’s therefore imperative that we move away from authentication methods like passwords and instead turn our attention to foolproof methods like device-bound passkeys, which offer the highest level of security. These physical security keys are totally resistant to phishing attempts and can't be intercepted or stolen by remote attackers, meaning only the key holder can gain access to their accounts. They also manage logins across all users’ platforms and devices – meaning attackers can’t use AI to get around the wall of defence the physical key provides. Only with a bulletproof authentication method like this can users rest easy, knowing their accounts are safe from whatever hacking capabilities AI brings next.”