The UK’s National Cyber Security Center is urging users to ditch outdated login habits and switch to secure tools like password managers and passkeys. With online accounts multiplying and threats growing more sophisticated, the agency says technology now offers more dependable ways to protect personal data.
Password managers, widely available across browsers and platforms, allow users to create strong, unique passwords without having to memorize them. These tools generate and store credentials inside an encrypted vault, which can often be unlocked using biometric authentication or a master password. Some services also support recovery methods in case the primary key is lost.
While browser-based options like Chrome or Safari offer basic features, standalone apps typically provide more advanced tools, including secure note storage and password sharing. The NCSC advises users to enable multi-factor authentication and avoid reusing their main password across other services.
Beyond passwords, the center is promoting the growing use of passkeys, an authentication method based on public-key cryptography that removes the need for usernames and passwords altogether. Instead of entering credentials, the device verifies the user using a PIN, fingerprint, or facial scan, and logs in using a unique cryptographic key pair.
One half of the pair remains securely on the device, while the other is shared with the website. Because each passkey is tied to a specific platform, phishing attempts and password reuse attacks become far less effective. Even in the event of a server breach, the stolen key cannot be used elsewhere.
Tech platforms including Google, PayPal, and eBay have already rolled out passkey support, and more sites are expected to follow. The system also speeds up the login process, eliminating the need to type credentials or handle two-factor codes.
In its latest guidance, the NCSC frames these technologies not just as convenience tools but as core components of digital safety. Users are encouraged to select reputable tools, keep devices updated, and activate biometric locks wherever possible. For those juggling dozens of accounts, the agency says these systems offer a practical and secure alternative to managing credentials manually.
As digital identity grows increasingly central to everyday life, the NCSC’s message is clear: strong security doesn’t need to be complicated, but it does need to evolve.
Image: DIW-Aigen
Read next: YouTube Introduces Stricter Livestreaming Rules to Protect Underage Users
Password managers, widely available across browsers and platforms, allow users to create strong, unique passwords without having to memorize them. These tools generate and store credentials inside an encrypted vault, which can often be unlocked using biometric authentication or a master password. Some services also support recovery methods in case the primary key is lost.
While browser-based options like Chrome or Safari offer basic features, standalone apps typically provide more advanced tools, including secure note storage and password sharing. The NCSC advises users to enable multi-factor authentication and avoid reusing their main password across other services.
Beyond passwords, the center is promoting the growing use of passkeys, an authentication method based on public-key cryptography that removes the need for usernames and passwords altogether. Instead of entering credentials, the device verifies the user using a PIN, fingerprint, or facial scan, and logs in using a unique cryptographic key pair.
One half of the pair remains securely on the device, while the other is shared with the website. Because each passkey is tied to a specific platform, phishing attempts and password reuse attacks become far less effective. Even in the event of a server breach, the stolen key cannot be used elsewhere.
Tech platforms including Google, PayPal, and eBay have already rolled out passkey support, and more sites are expected to follow. The system also speeds up the login process, eliminating the need to type credentials or handle two-factor codes.
In its latest guidance, the NCSC frames these technologies not just as convenience tools but as core components of digital safety. Users are encouraged to select reputable tools, keep devices updated, and activate biometric locks wherever possible. For those juggling dozens of accounts, the agency says these systems offer a practical and secure alternative to managing credentials manually.
As digital identity grows increasingly central to everyday life, the NCSC’s message is clear: strong security doesn’t need to be complicated, but it does need to evolve.
Image: DIW-Aigen
Read next: YouTube Introduces Stricter Livestreaming Rules to Protect Underage Users
