The UK government has announced at its flagship cybersecurity event, CYBERUK, that it intends to implement passkey technology for the government’s GOV.UK services as an alternative to SMS-based verification.
The UK government has articulated that this technology offers a more secure and cost-effective solution.
Passkeys are unique digital keys that are tied to specific devices, such as a phone or a laptop, helping users log in safely without needing an additional text message or code.
This method is more secure because the key remains stored on the device and cannot be easily intercepted or stolen, making it phishing-resistant by design.
As a result, even if someone attempts to steal a password or intercept a code, they would be unable to gain access without the physical device that contains the passkey.
The National Cyber Security Centre (NCSC) has said that it considers passkey adoption as vital for transforming cyber-resilience at a national scale and has joined the FIDO Alliance to shape international security standards.
According to NCSC, the NHS has become one of the first government organisations in the world to offer passkey technology to its users.
The implementation of passkey technology is said to offer users a faster login experience, saving approximately one minute per login when compared to entering a username, password and SMS code.
Feryal Clark, AI and Digital Government Minister said: “The rollout of passkeys across GOV.UK services marks another major step forward in strengthening the UK’s digital defences while improving the user experience for millions.
“Replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services — without needing to remember complex passwords or wait for text messages.
“This shift will not only save users valuable time when interacting with government online, but it will reduce fraud and phishing risks that damage our economic growth,” finalised Clark.
Ollie Whitehouse, Chief Technical Officer, NCSC articulated that: “The NCSC has a stated objective for the UK to move beyond passwords in favour of passkeys, as they are secure against common cyber-threats such as phishing and credential stuffing.
“By adopting passkey technology, government is not only leading by example by strengthening the security of its services but also making it easier and faster for citizens to access them.
“We strongly advise all organisations to implement passkeys wherever possible to enhance security, provide users with faster, frictionless logins and to save significant costs on SMS authentication,” commented Whitehouse.
Andrew Shikiar, Executive Director and CEO, FIDO Alliance commented: “The UK government’s adoption of passkeys across its digital services reflects a profound decision that stands to protect UK citizens while providing the government with greater security and operational efficiency.
“By prioritising modern, phishing-resistant authentication, the UK is setting a strong example for both the public and private sectors in the UK and beyond.
“We’re also very pleased that the NCSC has joined the FIDO Alliance, which allows agencies across the UK government to collaborate with other thought leaders in the Alliance to advance the development and deployment of foundational technologies that will strengthen our collective cyber resilience.”
