- The German government wants to make passkeys its main authentication method
- Claims passkeys are more secure, easy to use and resistant to phishing attempts
- Passkey familiarity is still pretty low, Germany admitted (in 2024)
The German government has set out plans to replace passwords with passkeys as the main authentication method, with the latter being seen as more secure, phishing-resistant and user-friendly.
A BSI (Germany’s Federal Office for Information Security) announcement was complemented by draft guidelines (BSI TR-03188), detailing how passkeys compare a public key stored on the website with a private key stored on the user’s device.
Device-bound passkeys (stored locally and linked to a device) and synced passkeys (stored in encrypted cloud for multi-device access) were both noted as acceptable authentication methods.
Germany wants to standardize passkey use
Because passkeys are account-specific, they cannot be reused across multiple sites, instantly boosting security. Despite best practice guidance, it’s a fact that many of us still use the same passwords across multiple accounts for ease. But being stored on-device or in the cloud means users won’t need to remember passkeys for every account.
Passkeys are also resistant to man-in-the-middle attacks and phishing attempts, because they require a user’s own private key to be used from an approved device.
“We must make cybersecurity as simple as possible and at the same time robust. Passkeys are a perfect example of how to meet technical challenges with technical solutions. The future belongs to them,” BSI President Claudia Plattner said (translated).
Still, the BSI recognizes that there’s a long way to go. A 2024 report found that only 38% were familiar with passkeys, and adoption only stood at 18%. There’s also the fact that passkeys were slow to take off, with few websites offering the option to generate a passkey-based login during the early days.
Today, though, Germany’s government isn’t the only body recognizing the benefits.
In May 2025, Microsoft declared it would be making all new accounts passkey-accessible by default – eventually this is expected to extend to existing accounts too.
You might also like
The post Germany’s government wants to replace passwords with passkeys first appeared on TechToday.
This post originally appeared on TechToday.