Stop using passwords online, says GCHQ: New passkeys ‘remove entire classes of attacks’ from hackers


The UK’s cyber agency has warned people should stop using passwords online as new passkeys ‘remove entire classes of attacks’ from hackers.

The National Cyber Security Centre (NCSC) said it was ‘overhauling decades of practice’ and has advised the public not to rely on passwords for protection due to the threat of hackers.

The advice comes as experts at the NCSC say most phishing attempts start with criminals compromising or stealing a person’s logins.

The NCSC – an arm of GCHQ – is now encouraging people to adopt passkeys, a password-free sign-in method deemed more secure because passkeys can’t be stolen from servers.

Passkeys have been likened to a ‘digital stamp’ by officials – created and stored on a device and considered safer and more straightforward for users.

This means using biometric data for many users – like fingerprints or facial recognition – or their phone’s PIN to create and authenticate their passkey.

This method allows for a secure digital key on your phone, computer or tablet. Experts say this means that even if a website that uses passkeys is breached, hackers can only access ‘public’ keys, which on their own are useless.
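The claim above can be seen in a simplified model of passkey sign-in. This is an added example, not code from the NCSC or from any service named in the article, and it is not the full WebAuthn protocol; the `Site` class, the helper functions, the user name and the `shop.example` addresses are all constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Device side: the key pair is generated on the device; only the public half is exported.
function createPasskey(origin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { origin, privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// The device signs the site's one-time challenge bound to the origin it is really talking to.
function signChallenge(passkey, challenge, seenOrigin) {
  if (seenOrigin !== passkey.origin) return null; // no passkey exists for a look-alike site
  return crypto.sign('sha256', Buffer.concat([Buffer.from(seenOrigin), challenge]), passkey.privateKey);
}

// Website side: stores public keys only and issues single-use random challenges.
class Site {
  constructor(origin) { this.origin = origin; this.db = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.db.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is consumed by one verification attempt
    const pem = this.db.get(user);
    if (!challenge || !pem || !signature) return false;
    return crypto.verify('sha256', Buffer.concat([Buffer.from(this.origin), challenge]), pem, signature);
  }
}

function demo() {
  const site = new Site('https://shop.example'); // constructed origin and user name
  const passkey = createPasskey(site.origin);
  site.register('alice', passkey.publicKeyPem);
  const login = () => signChallenge(passkey, site.newChallenge('alice'), site.origin);

  const genuine = site.verify('alice', login());
  const old = login();                         // a signature observed in transit...
  site.newChallenge('alice');                  // ...no longer matches once a fresh challenge is issued
  const replayed = site.verify('alice', old);
  const otherKey = createPasskey(site.origin); // any key other than the registered one
  const wrongKey = site.verify('alice', signChallenge(otherKey, site.newChallenge('alice'), site.origin));
  const dbHoldsSecret = [...site.db.values()].some((pem) => pem.includes('PRIVATE'));
  const signedForLookalike = signChallenge(passkey, crypto.randomBytes(32), 'https://shop-example.test') !== null;
  return { genuine, replayed, wrongKey, dbHoldsSecret, signedForLookalike };
}

console.log(demo());
```

Only the first check succeeds: the site's database holds nothing that can produce a valid signature, and the device produces none for an address it was not registered with.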

IT experts estimate passkeys will save users one minute each time they sign in.

The National Cyber Security Centre (NCSC) has warned people should stop using passwords online as new passkeys 'remove entire classes of attacks' from hackers (Pictured: Richard Horne, CEO of the NCSC)


When a user first logs in to a device, the system sends a digital key to specific devices.

This allows a user to log in safely on future occasions without needing a password, text message or other code.

The key remains stored on the device and cannot be easily intercepted or stolen – with third parties unable to access accounts using other devices.

Passkeys have already been implemented in many of the Government’s digital services, like the NHS.

In addition to securing patients’ health data, passkeys are thought to have made significant cost savings because they remove the need for multi-factor authentication like receiving time-sensitive codes sent via text message.

Speaking in the wake of the 2025 cyber attacks on Marks and Spencer, the Co-op and Harrods, Dr Richard Horne said Britain faces a ‘diverse and dramatic’ threat.

Dr Horne said: ‘We’ve managed more than 200 incidents since September last year (until the end of March). And that includes twice as many nationally significant incidents as the same period a year ago.’

The use of passkeys has since been adopted by major online services such as Google, Microsoft, PayPal and eBay. Data from Google suggests more than half of its UK users are registered with one.

The NCSC is now encouraging people to adopt passkeys, a sign-in method which is password-free, which is deemed more secure because they can't be stolen from servers (Pictured: The Government Communications Headquarters)


Speaking in the wake of the attacks on Marks and Spencer, the Co-op and Harrods, Dr Horne (pictured) said Britain faces a 'diverse and dramatic' threat


Jonathon Ellison, the director for national resilience at the NCSC, said passkeys provide ‘a user-friendly alternative which provide stronger overall resilience’.

He said: ‘As we aim to accelerate the UK’s cyber defences at scale, moving to passkeys is something all of us can do to improve the security of everyday digital services and be prepared for modern and future cyber threats.’

The NCSC said that last year it stopped short of endorsing passkey adoption due to reservations regarding their implementations.

However, the agency has said progress within the tech industry has since meant passkeys have been deemed more secure and user-friendly, and has encouraged businesses to implement them as the default option for consumers.

On Thursday, a technical report by the NCSC will outline how passkeys are as secure as, if not more secure than, the strongest possible password in combination with a two-step verification process.

And in the instance where online services do not support passkeys, the NCSC advises using a password manager to create stronger passwords and keep using two-step verification.

Chris Hosking, from cybersecurity company SentinelOne, said passkeys remove ‘entire classes of attacks’.

He said: ‘The reality is we all juggle dozens of logins across our work and personal lives and expecting all your employees to create and manage strong, unique passwords for each one simply isn’t realistic.


‘Inevitably people reuse them or stick with the same ones for years.

‘That’s why so many major breaches start the same way – a popular service with authenticated users gets breached, those passwords and emails land in data dumps on the dark web, triggering a domino effect that compromises multiple sites and systems.

‘Passkeys remove entire classes of attacks, as there’s no password to steal or reuse.’


