Breaking AI & Tech News Analyzed

The National Cyber Security Centre (NCSC) has officially stopped recommending passwords where passkeys are available, urging consumers to adopt the newer, phishing‑resistant technology for all digital services. NCSC Declares Passwords Obsolete in Favor of Passkeys In a statement released this week, the NCSC said passwords can no longer withstand today’s cyber‑threat landscape. Passkeys, described as a “digital stamp” stored on a user’s device, provide a password‑free login that leverages biometrics such as facial recognition or a device PIN. Adoption Rates and Breach Statistics Google reports that just over 50% of its UK users have a passkey registered. Research by Cybernews highlighted the exposure of billions of login credentials in recent data‑leaks, underscoring the fragility of password‑based systems. Common passwords like “123456”, “admin”, and “password” remain among the most used globally, according to Nordpass. Why Passkeys Could Redefine UK Digital Security Passkeys cannot be harvested through phishing attacks because the private component never leaves the user’s device. Even if a service is breached, the stolen data is useless without the corresponding device‑held private key. Experts such as Dave Chismon, senior tech expert at the NCSC, note that passkeys are faster and simpler for users than remembering complex passwords or navigating two‑factor authentication. Future Outlook: Widespread Passkey Adoption and Remaining Challenges Analysts expect rapid growth in passkey usage as more platforms integrate the standard and as public awareness rises. However, challenges remain, including the need for robust biometric safeguards and user education on protecting device PINs. Alan Woodward, professor of cybersecurity at Surrey University, points out that facial‑recognition technology now incorporates “proof of liveness” to thwart spoofing attempts, but the security ecosystem will continue to evolve in a cat‑and‑mouse dynamic. Key recommendations for users: Enable passkeys wherever offered; fall back to strong, unique passwords only when necessary. Activate two‑factor authentication on accounts that still rely on passwords. Keep device software and apps up to date to benefit from the latest security patches. Maintain strict control over device PINs and biometric data.

The United Kingdom’s cyber‑defence agency has issued a stark warning: Russian‑affiliated hackers are targeting everyday internet routers to conduct espionage operations. By compromising these edge devices, attackers can steal user credentials, redirect traffic to fraudulent sites, and potentially infiltrate other connected gadgets such as smartphones and computers. According to the National Cyber Security Centre (NCSC), the campaign appears opportunistic, casting a wide net before filtering for high‑value intelligence targets. This mirrors a broader trend where threat actors focus on hardware that bridges users to the cloud, often overlooking the security of routers and network cameras. Professor Alan Woodward of the University of Surrey emphasized that routers are frequently forgotten, becoming weak points in home and small‑business networks. "If a router is compromised, attackers can reroute users to fake banking sites, establish persistence on the network, and probe connected devices for further vulnerabilities," he explained. The NCSC attributes the activity to the notorious group APT28, also known as Fancy Bear, which is almost certainly linked to Russian intelligence services. APT28 previously orchestrated high‑profile attacks, including the 2015 breach of the German parliament that exposed confidential emails and legislators' schedules. In a parallel move, the U.S. Federal Communications Commission has prohibited the sale of all consumer‑grade routers manufactured outside the United States, citing "unacceptable risks to national security." The FCC warned that foreign‑made routers have been exploited to facilitate espionage, disrupt networks, and steal intellectual property. While most routers are produced in China or Taiwan, exceptions like Elon Musk’s Texas‑made Starlink devices are unaffected. Privacy specialists caution that a blanket ban will not resolve existing vulnerabilities, especially for legacy routers that no longer receive security patches. Woodward urged small businesses and individuals to keep firmware up to date and monitor network activity for anomalies. The article also revisits the 2016 Bangladesh central bank heist, where hackers siphoned $80 million by exploiting cheap, second‑hand routers that were exposed to the internet. Investigators believe a North Korean state‑linked group was behind that attack, illustrating how compromised routers can serve as gateways to critical financial systems. Overall, the NCSC’s alert underscores a growing geopolitical cyber‑threat landscape, where state‑sponsored actors leverage everyday hardware to gather intelligence and disrupt adversaries.