Nationwide Building Society has issued an update regarding potential changes to its account security measures, following new guidance from the National Cyber Security Centre (NCSC). The building society, which operates branches in Birmingham, responded to a customer inquiry on social media platform X (formerly Twitter) about adopting passkeys as an alternative to passwords.
NCSC Recommends Passkeys Over Passwords
The NCSC, part of the UK government's Communications Headquarters (GCHQ), has recommended that users transition from traditional passwords to passkeys, describing them as "more secure." The centre stated: "The digital industry is moving rapidly towards offering passwordless authentication for logging into online services and accounts, and many major platforms already support it. The NCSC supports the public adoption of passkeys and recommends using passkeys over passwords wherever available."
Customer Inquiry and Nationwide's Response
A Nationwide customer took to social media to ask: "Nationwide does not appear to have issued a statement about why it does not use them for banking. As your customer I would like a statement please about when you will adopt passkeys." In response, Nationwide said: "At present Nationwide has not adopted passkeys. Any future changes will be clearly communicated in advance. We don't currently have an announcement or timeline to share on passkeys. However, we appreciate you taking the time to raise this topic."
Expert Views on Passkeys
Dave Chismon, a senior tech expert at the NCSC, commented: "Passwords have never been a perfect solution from a user perspective because we need to keep adding things to try and make them more secure. And yet, they are still phishable and the extra security involved makes users' lives harder. Whilst the technology is complex, for a user passkeys are quicker and simpler than remembering a password or going through two-factor authentication."
The NCSC advises users to check account security or privacy settings on apps and websites they already use, or look out for prompts from services asking them to upgrade to passkeys. Users may also be offered to set one up when creating a new account.
