Passkeys to replace passwords and SMS in cybersecurity overhaul
James
The UK government has announced plans to roll out passkey technology across GOV.UK digital services later this year, in a significant step away from SMS-based verification and traditional passwords. The move is part of a broader strategy to bolster national cybersecurity and streamline user access to public services.
Unveiled at the CYBERUK 2025 conference, the transition to passkeys is expected to enhance protection against cyber threats such as phishing and credential theft, while also cutting operational costs. Government officials estimate the new authentication method could save millions annually by eliminating the need for SMS verification services.
Passkeys are cryptographic digital credentials stored on personal devices like smartphones and laptops, allowing secure, password-free logins. Unlike one-time codes sent via text, passkeys are phishing-resistant by design. They cannot be intercepted or used without the registered device, significantly reducing the risk of account compromise.
“The rollout of passkeys across GOV.UK services marks another major step forward in strengthening the UK’s digital defences while improving the user experience,” said AI and Digital Government Minister Feryal Clark. “This shift will not only save users valuable time when interacting with government online, but it will reduce fraud and phishing risks that damage our economic growth.”
The National Cyber Security Centre (NCSC), which has been driving the adoption of passwordless technologies, has formally joined the FIDO Alliance - an international body responsible for shaping global passkey standards. This move aims to reinforce the UK’s position as a leader in digital identity innovation, with the NHS already among the first public bodies globally to offer passkey login options.
Ollie Whitehouse, NCSC Chief Technical Officer, emphasised the significance of the move: “By adopting passkey technology, government is not only leading by example but also making it easier and faster for citizens to access services. We strongly advise all organisations to implement passkeys to enhance security and reduce costs.”
The transition also promises tangible improvements to user experience. Logging in with a passkey is estimated to save around a minute per session compared to traditional methods involving usernames, passwords, and verification codes.
The FIDO Alliance welcomed the UK's commitment. CEO Andrew Shikiar called it a “profound decision” that enhances both user protection and government efficiency. “The UK is setting a strong example for both public and private sectors globally,” he added.
