The UK official National Cyber Security Centre (NCSC) has published a blog on the value of passkeys and password managers in keeping people’s data safe online.
Definition
A password manager is, the NCSC set out, like a secure vault that stores your login credentials for websites and apps. You only need to remember one primary password, and the manager takes care of the rest. Most websites still need you to have a password, yet the technology landscape is changing and increasing numbers of websites are offering passkeys as an alternative to passwords. A passkey is a passwordless login technology based on public-key cryptography. Itโs a new standard developed and supported by the likes of Apple, Google, and Microsoft. Websites like Google, eBay, and PayPal already support them. The NCSC describes them as easy to use, and hard to compromise; and they eliminate ‘password fatigue’. The two main types of password manager to consider are:
First party: provided by the device-maker or browser-maker, such as Chrome, Safari, Edge, and Firefox.
Third party: provided by another company that you install separately but might integrate with your browser.
If convenience is most important to you, use the password manager provided by your browser or device manufacturer to generate and manage your passwords, the NCSC suggests. If you want additional features, have a complex mix of devices/browsers or want to avoid being โlocked inโ to a vendor, choose a third-party.
Comment
Anne Cutler, cybersecurity specialist at Keeper Security said: “Itโs encouraging to see the NCSC reinforcing what the cybersecurity industry has long advocated for: the use of password managers as an essential, modern tool to improve security posture at organizations of all sizes.
“We welcome this latest guidance, particularly the emphasis on avoiding vendor lock-in. While browser-based password managers may offer convenience, they fall short when it comes to enterprise-grade security, robust access controls, auditing capabilities and zero-trust architecture. A zero-knowledge, zero-trust password manager provides military-grade security, seamless provisioning across devices and operating systems, and compliance with industry standards. Additional features such as password rotation, secure sharing capabilities and role-based access controls are fundamental to good credential hygiene in modern businesses.
“With AI-powered attacks and credential phishing continuing to evolve rapidly, itโs not just about storing passwords – itโs about how securely you manage them. A third-party password manager will provide organisations with the flexibility and security they need without tying them to a single browser or vendor ecosystem.”
