Passwords are dead?

Updated on 1 May 2026

It’s actually happened – passwords are a thing of the past. Or at least according to the NCSC they are. The National Cyber Security Centre came out recently saying that passkeys are the next big thing, and the safest way to secure your accounts.

But who is the NCSC? Well, for us, they’re just down the road at GCHQ, and they’re responsible for keeping any UK organisation safe online. So this new publication is a big deal.

Passwords are required for pretty much any online account these days, whether that’s banking, social media, email. The list goes on. And remembering all of those, while also making sure they’re different enough to be secure, is an impossible task for any human without an eidetic memory. This is where passkeys come in.

What is a passkey?

A passkey is a highly secure way of logging into your accounts without having to use a password. It’s a passwordless technology based on a very secure public-key cryptography, that uses your biometric information, like a fingerprint or face recognition, or a PIN to authenticate you. Because of this, and because it’s so unique to you, passkeys are more resistant to phishing attacks and data breaches. Even two-factor authentication can’t promise this level of security, as a well-crafted phishing attack can take your one-time code as you’re generating it.

So back to the NCSC. Why are they saying this now? Well, studies suggest that over 80% of data breaches involve stolen work or weak credentials. And with AI tools on the rise, education on how digital security is changing can’t move fast enough to keep up with the growing demands and advances. So it’s best to get ahead of the game to secure your accounts now, before it’s too late.

Why does this matter for businesses?

If you’re a business owner, a data breach or phishing attack could have a catastrophic effect on your daily workflow, and even long term success. Customers are less likely to trust you, GDPR is broken, and the time and money it would take to fix the damage caused would mean a lot of lost business.

Outside of the security aspects, daily operations will become more efficient, as employees won’t spend time juggling passwords or waiting for SMS codes to arrive. In fact, the NCSC actually claims that passkeys make logins 8 times faster than using a username, password, or 2FA code. That means fewer passwords, fewer support requests, and less friction accessing the tools employees need to do their jobs.

When speaking to our Head of Business and Community Outreach, Dan Smale, he had this to say on the topic:

"For small businesses, passkeys solve the hardest problem in cyber security – the human one. You can't train your way out of phishing. But with passkeys, a convincing fake login page is just a webpage, it can't steal anything, because there's nothing to steal."

Another key point to remember is that you should always keep your apps and devices up to date. This means you’ve got the latest security patches and updates, on top of having your passkey enabled, so you’re doing the most to keep data safe.

How do you use a passkey?

Passkeys can be added to whatever trusted devices you use, whether that’s a laptop, tablet, or phone. They’re created, stored, and managed by your credentials manager (aka password manager). This is likely something like Apple Passwords, Google Password Manager, or Samsung Pass.

The credentials manager utilises your PIN, or biometric login data to unlock your device to make sure it’s you, before letting you use the passkey. It also backs up all your passkeys and can copy them to other devices, so you don’t need to set up lots of separate ones.

If you’d like to set up a passkey, you need to go to the security settings on your chosen service, like Google, LinkedIn, Microsoft, or PayPal. Basically, whichever accounts you want to keep secure.

Once you’re there, there should be an option to add a passkey. The site will ask you to authenticate with your device PIN, face ID or fingerprint, just to confirm it’s you.

And that’s it! Your passkey is set up and saved to your credentials manager. This means you can access the accounts without needing a password on any of your devices.

Where should you start?

Set up a passkey on the accounts that are the highest risk, like business email, cloud storage, banking, or anything business critical. It sounds obvious, but starting with this is the best step to fully securing your business and data.

And if there’s a system you use that doesn’t yet support passkeys, the NCSC still recommends using a credentials manager, as well as two factor authentication.

Security you can trust

We know exactly how important security is. It’s what keeps businesses flowing, and builds trust between you and your customers. Our security measures, both physical and digital, are of the highest standards, keeping your data secure from breaches, attacks and physical damage. Our Worcester data centre is Tier IV-certified, the highest in data centre certifications, and ISO 27001-certified for information security. We’ve also got 24/7 CCTV and monitoring at all our data centres, as well as rigorous fire safety methods in place.

Plus, when it comes to keeping your websites secure, our Web Hosting packages come with a free SSL certificate. And for that extra layer, you can add Acronis Cyber Protect to keep everything backed up in case of disaster.

If you’d like to chat about your security options, need a bit of advice, or have a question about one of our products, you can give us a call on 0333 271 3550 or message us via live chat. Our teams are available 24/7 to help.

What is a passkey?

Why does this matter for businesses?

How do you use a passkey?

Where should you start?

Security you can trust

You might also like

What is DDoS protection?

How can I stop a DDoS attack?

What happened to data privacy in 2025?

How to fix and prevent a “503 service temporarily unavailable” error

Why shadow tech is the hidden risk your business can't ignore

Self-employed? Here’s how to protect your data