Nigeria, April 23 -- In updated advice released alongside a technical report at the CYBERUK conference on Thursday, the agency said passwords have become increasingly vulnerable to common cyberattacks, particularly phishing, in which users are tricked into revealing login details.

The NCSC is instead promoting passkeys, a password-free sign-in method that uses cryptographic keys stored on a user's device. The system creates a pair of keys: a private key kept on the device and a public key held by the online service. Officials say the private key is never shared, meaning it cannot be stolen from servers.

"The headaches that remembering passwords have caused us for decades no longer need to be a part of logging in, where users migrate to...