UK govt commits to passkeys in another big step to a passwordless world

As multinational corporations like Microsoft and Amazon move to passkeys, governments are also making the transition.

The UK government is the latest to announce the move with the British government set to roll out passkey technology across digital services later this year.

Currently, UK government services (Gov.uk) use an SMS-based verification system but the switch could save several million pounds annually, according to the government, while offering more security.

The UK government is in the process of greater digitalization and technological transition, with a landmark national AI plan for change unveiled earlier this year, and the new initiative was announced on the first day of the government’s “flagship” cybersecurity event CYBERUK. The UK’s National Cyber Security Centre (NCSC) also announced that it has joined the FIDO Alliance, the body shaping password-free authentication worldwide.

“The rollout of passkeys across GOV.UK services marks another major step forward in strengthening the UK’s digital defences while improving the user experience for millions,” said AI and digital government minister Feryal Clark.

As the minister mentions in further remarks, passkeys mean users don’t need to remember passwords or wait for text messages. It also saves users approximately one minute per login when compared to entering a username, password, and SMS code for gov.uk., according to the government’s analysis.

In addition, passkeys are stored on a user’s device, such as a phone or laptop, which makes them phishing-resistant. If a bad actor tries to steal a password or intercept a code, they would be unable to gain access without the physical device that contains the passkey.

“The UK government’s adoption of passkeys across its digital services reflects a profound decision that stands to protect UK citizens while providing the government with greater security and operational efficiency,” says Andrew Shikiar, executive director and CEO of the FIDO Alliance. “By prioritising modern, phishing-resistant authentication, the UK is setting a strong example for both the public and private sectors in the UK and beyond.”

“The NCSC has a stated objective for the UK to move beyond passwords in favour of passkeys, as they are secure against common cyber threats such as phishing and credential stuffing,” said Ollie Whitehouse, chief technical officer at NCSC.

The NCSC sees passkeys as the future and is “strongly advising” all organizations to implement passkeys wherever possible. The aim is to provide users with faster, frictionless logins, save costs on SMS authentication, and enhance security.

Globally, passkeys are becoming more mainstream. In March, Microsoft said it would be rolling out a new sign-in experience, with passkeys deployed. Since so many worldwide use Windows or a Microsoft product – it has more than a billion users – the corporation’s move to passwordless represents a major shift for user experience. Microsoft has found that on average passkey sign-ins to its services take only eight seconds, compared with 69 seconds to sign in using a traditional password and second factor.

In Australia, the government there is on a steady track of digital transformation with passkeys playing a significant role. Amazon now supports passwordless authentication for its Amazon Cognito.

Article Topics

biometric authentication  |  biometrics  |  FIDO Alliance  |  government services  |  passkeys  |  passwordless authentication  |  UK