NCSC Advocates for Password Managers and Passkeys: A Secure Future

The National Cyber Security Centre (NCSC) has issued a comprehensive guidance document emphasizing the importance of utilizing password managers and passkeys, labeling them as pivotal tools for enhancing digital security. The recommendation aligns with a growing consensus among cybersecurity experts that traditional passwords are increasingly vulnerable and ineffective in safeguarding online accounts.

This guidance was first reported on June 26, 2025, by Emma Woollacott in IT Pro, which outlines the advantages of password managers and passkeys as innovative solutions to combat the pervasive issue of password fatigue and security breaches. The NCSC's blog post articulates that first-party, browser-based password managers—integrated into platforms like Chrome, Safari, Edge, and Firefox—offer an accessible way for users to manage their passwords securely. With the integration of advanced security features, these tools have become essential in mitigating risks associated with password theft.

According to Greg Wetmore, Vice President of Product Development at Entrust, the transition from passwords to passkeys represents a significant leap in cybersecurity measures. Wetmore highlighted that passwords are not only challenging to remember but also prone to breaches. Research indicates that over half of individuals must reset their passwords monthly due to forgetfulness, underscoring the inadequacy of traditional password systems. "Creating a unique, secure password for each account is nearly impossible for the average person, who manages approximately 170 passwords. Passkeys provide an excellent technical response to these issues," Wetmore stated.

The NCSC's guidance delineates how passkeys operate. Developed and supported by leading technology firms including Apple, Google, and Microsoft, passkeys utilize public-key cryptography to facilitate passwordless logins. Instead of relying on a single password, devices generate a unique pair of keys for each user account: one key is retained on the user’s device, while the other is provided to the service provider at the time of registration. This unique pairing ensures that the passkey is only valid for the specific website or application it was created for, significantly enhancing security against phishing attacks. The NCSC noted that logging in with a passkey can be up to eight times faster than traditional methods, making it a user-friendly option as well.

However, the NCSC also cautioned users to remain vigilant about cybersecurity best practices, even while adopting new technologies. Regular updates, the use of biometric locks, and reliable backup recovery options are essential to maintain security integrity. The agency encouraged users not to shy away from adopting passkeys, asserting, "They are easier to use and represent the future direction of internet security."

The advice from the NCSC is also supported by a broader trend in the industry. A report from the Cybersecurity & Infrastructure Security Agency (CISA) in 2022 highlighted that traditional password systems are increasingly inadequate due to the rise of sophisticated cyber threats. As such, the adoption of password managers and passkeys is seen as an essential strategy for both individuals and organizations aiming to enhance their cybersecurity posture.

In summary, the NCSC's advocacy for password managers and passkeys highlights a significant shift in digital security practices. With industry leaders endorsing these tools, the future of authentication appears to be moving towards more secure, efficient methods that prioritize user convenience and robust security. The potential for passkeys to eliminate the complexities and vulnerabilities of traditional password systems marks an important milestone in the ongoing battle against cybercrime. As organizations and individuals alike consider integrating these technologies, the implications for cybersecurity strategies will be profound, paving the way for a more secure digital landscape.