System hacked warning alert on notebook (Laptop). Cyber attack on computer network, Virus, Spyware, Malware or Malicious software. Cyber security and cybercrime. Compromised information internet. Credit: Getty

GCHQ has warned users to ditch using passwords and use a safer alternative to stop criminals hacking your accounts.

The National Cyber Security Centre (NCSC) has declared “passkeys are the future” and are the most secure method for consumers using digital services.

Sign up for the Tech newsletter

Thank you!

GCHQ has advised to stop using passwords in favour of a safer alternative Credit: The Times

The NCSC, which is part of GCHQ, have declared that passwords have become too susceptible to hackers and “lack the resilience of modern cyber threats”.

This is because phishing attacks – where impersonators use fake emails, texts, or phone calls to trick victims into parting with personal information – usually begin with stealing or compromising your login details.

If a website you use is hacked, then cybercriminals can then use passwords to access other service you use – passwords can also be guessed as many people often re-use them.

Cybercriminals can easily use your password to access different services which is made easier when people tend to re-use their password or they are easily guessed.

MOVIE MAGIC
Disney+ slashes prices in surprise deal as rivalry with HBO Max heats up

FREE-SY DOES IT
Major UK mobile network expands free speed upgrade to 1.2m Brits TODAY

The NCSC is now urging users to adopt the use of passkeys, as they only require user approval as opposed to logging in via a username, password or two-factor authentication.

Experts say it makes it “quicker and easier to use and harder for cyber attackers to compromise”.

Passkeys allow the user to sign into apps and websites using device-level authentication with biometric data such as facial recognition or fingerprints or a PIN number.

They can be best described as a pair of “keys” – a private key stored on your device and a public key sent to the website.

Potential hackers would need access to the private key so if the website service using passkeys is breached, they can only gain the public key which won’t put you at risk.

The NCSC said that passkeys have already started to be rolled out across the UK Government’s digital services with the NHS becoming one of the first.

The agency added that the UK is already a global leader in adopting passkeys with more than half of Google users in the UK having already registered one.

Meanwhile, other online service provides such as eBay and PayPal already support the use of passkeys.

A recently published technical report by GCHQ revealed that passkeys are generally more secure than pairing the strongest password with two-step verification – and eight times quicker.

Passkeys weren’t recommended by the agency last year but due to progress, they can now be recommended to the public as the “more secure and user-friendly login method”.

Passkeys make it harder for cybercriminals accessing sensitive information Credit: Getty

Jonathon Ellison, Director for National Resilience, NCSC said: “Adopting passkeys wherever you can is a strong step towards a safer, simpler login experience and I am pleased that we can now support uptake.

“The headaches that remembering passwords have caused us for decades no longer need to be a part of logging in where users migrate to passkeys – they are a user-friendly alternative which provide stronger overall resilience.  

“As we aim to accelerate the UK’s cyber defences at scale, moving to passkeys is something all of us can do to improve the security of everyday digital services and be prepared for modern and future cyber threats.”

For those services who do not support passkeys, the NCSC advised consumers to use a password manager to create stronger passwords and to continue using two-step verification.

They concluded: “Making passkeys the default authentication recommendation is a critical step towards revolutionising the way individuals use and access their online identities.

What is a passkey and how do they work?

What is a passkey?
The NCSC likens a passkey to a set of “digital keys” that are tied to a specific device – this could be a phone, laptop or tablet.
They take the place of passwords and are created, stored and managed on your device using biometric data.
“When a user logs in to a website or app, their device uses this digital key to prove the user’s identity without needing to send a code to a secondary device or to receive user input,” the NCSC said.
Why is a passkey better than a password?
According to the NCSC, passkeys are more secure because they cannot be easily stolen or intercepted because they are stored on your device.
As a result, this makes you less susceptible for phishing attacks – where criminals impersonate a person or organisation to trick victims into revealing sensitive information, like a password to access apps and websites.
The criminal would instead need access to the physical device that holds the passkey.
What happens if you lose your device?
The NCSC advises that you make a backup of your passkeys for safety in the event you lose your device.
They can also be synced to other devices you trust via the cloud rather than creating a new one for each device you own.