Sunday, May 18, 2025

UK Government to Shift Away from Passwords in New Security Move


The UK government has unveiled plans to implement passkey technology across its digital services later this year, marking a significant shift away from traditional password and SMS-based verification methods.

Announced at the government’s flagship cyber security event CYBERUK, this transition aims to enhance security while providing a more streamlined user experience for citizens accessing GOV.UK services.

The initiative is expected to save several million pounds annually while strengthening the nation’s digital defenses against increasingly sophisticated cyber threats.


The government’s digital transformation strategy will introduce passkeys as an alternative to conventional SMS-based verification systems currently in use across government platforms.

Passkeys function as unique digital credentials directly linked to specific devices such as smartphones or laptops, eliminating the need for secondary verification codes sent via text message.

When users attempt to log in to government services, their device employs this digital key to authenticate their identity without requiring additional input or verification steps.

Passkeys rely on public-key cryptography: authentication credentials remain securely stored on the user’s device rather than on potentially vulnerable servers.

This architecture makes passkeys inherently resistant to common attack vectors like credential theft and phishing attempts.
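The mechanism described above, as an added example that is not from the article or from any GOV.UK implementation: a simplified passkey login in Node.js showing that the server stores only a public key and that an assertion signed for the wrong origin, a stale challenge, or a different key is rejected. The origin `https://service.example`, the function names and the JSON `clientData` layout are assumptions for illustration; real WebAuthn uses a richer binary format.

```javascript
// Simplified model of a passkey login; not the full WebAuthn wire format.
const nodeCrypto = require("node:crypto");
const RP_ORIGIN = "https://service.example"; // constructed origin (assumption)

// Registration: the device creates a key pair; the server keeps only the public key.
function registerPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server: a fresh random challenge for every login attempt.
const newChallenge = () => nodeCrypto.randomBytes(32).toString("hex");

// Device: signs the challenge together with the origin the browser reports.
function signAssertion(device, challenge, browserOrigin) {
  const clientData = JSON.stringify({ challenge, origin: browserOrigin });
  const signature = nodeCrypto.sign("sha256", Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: check the signature first, then challenge freshness and origin.
function verifyAssertion(serverRecord, expectedChallenge, { clientData, signature }) {
  const valid = nodeCrypto.verify("sha256", Buffer.from(clientData), serverRecord.publicKey, signature);
  if (!valid) return "bad-signature";
  const data = JSON.parse(clientData);
  if (data.challenge !== expectedChallenge) return "stale-challenge";
  if (data.origin !== RP_ORIGIN) return "wrong-origin";
  return "ok";
}

function demo() {
  const { device, serverRecord } = registerPasskey();
  const c1 = newChallenge();
  const genuine = verifyAssertion(serverRecord, c1, signAssertion(device, c1, RP_ORIGIN));
  // Assertion produced on a look-alike origin: the signed origin does not match.
  const c2 = newChallenge();
  const lookalike = signAssertion(device, c2, "https://service.example.invalid");
  const relayed = verifyAssertion(serverRecord, c2, lookalike);
  // An old assertion presented against a new challenge.
  const replayed = verifyAssertion(serverRecord, newChallenge(), signAssertion(device, c1, RP_ORIGIN));
  // Signed with some other key: the stored public key rejects it.
  const otherDevice = registerPasskey().device;
  const forged = verifyAssertion(serverRecord, c2, signAssertion(otherDevice, c2, RP_ORIGIN));
  return { genuine, relayed, replayed, forged };
}

console.log(demo());
```

Because the server record holds no secret, a copy of it gives nothing that can be used to sign in; only the device's private key can produce a valid assertion.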

The UK’s National Health Service (NHS) has already pioneered this approach, becoming one of the first government organizations globally to offer passkey authentication to its users.

Security Benefits and Cost Savings

From a cybersecurity perspective, passkeys offer significant advantages over traditional authentication methods.

Because authentication credentials remain device-bound and inaccessible to remote attackers, even successful password interception or phishing attempts would prove ineffective without physical access to the authenticated device.

The National Cyber Security Centre (NCSC) has endorsed this technology as “phishing-resistant by design” and crucial for enhancing national cyber resilience.

Beyond security improvements, the initiative promises substantial efficiency gains. Users can expect approximately one minute saved per login compared to traditional methods requiring username, password, and SMS code entry.

AI and Digital Government Minister Feryal Clark emphasized that “replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services – without needing to remember complex passwords or wait for text messages”.

The government also anticipates considerable cost savings by eliminating SMS verification expenses while simultaneously reducing fraud-related losses.

NCSC Joins FIDO Alliance

Concurrent with the passkey rollout announcement, the NCSC revealed its membership in the FIDO (Fast Identity Online) Alliance, the global industry consortium developing open authentication standards.

This strategic partnership positions the UK to actively participate in shaping international passkey standards and authentication protocols.

NCSC Chief Technical Officer Ollie Whitehouse stated that the organization “has a stated objective for the UK to move beyond passwords in favor of passkeys,” recommending that “all organisations implement passkeys wherever possible to enhance security, provide users with faster, frictionless logins and to save significant costs on SMS authentication”.

This recommendation aligns with the NCSC’s broader mission to improve cybersecurity across both public and private sectors.

Andrew Shikiar, Executive Director and CEO of the FIDO Alliance, praised the UK’s approach, noting that “by prioritising modern, phishing-resistant authentication, the UK is setting a strong example for both the public and private sectors in the UK and beyond”.

The collaboration between UK government agencies and FIDO Alliance members aims to accelerate development and deployment of technologies that strengthen collective cyber resilience.


Mayura Kathir
Mayura Kathir is a cybersecurity reporter at GBHackers News, covering daily incidents including data breaches, malware attacks, cybercrime, vulnerabilities, zero-day exploits, and more.
