What Are Passkeys?
A passkey is a cryptographic credential that replaces your password. Instead of typing a password that gets sent to a server, your device creates a unique public-private key pair. The private key never leaves your device — the server only stores the public key. Authentication happens when your device proves it holds the private key, usually unlocked by your fingerprint, face, or device PIN.
This means there is no password to phish, no password to reuse across sites, and no password database to breach. Passkeys are built on the FIDO2/WebAuthn standard, developed by the FIDO Alliance (whose members include Apple, Google, and Microsoft).
Passkeys vs. Passwords
| Feature | Passkeys | Passwords |
|---|---|---|
| Phishing resistant | Yes | No |
| Can be reused across sites | No (unique per site) | Often reused |
| Exposed in data breaches | No (server has public key only) | Yes (hashes can be cracked) |
| Requires memorization | No | Yes (or password manager) |
| Built-in 2FA | Yes (device + biometric) | No (separate step) |
Which Services Support Passkeys in 2026?
Passkey adoption has accelerated significantly. Major services now supporting passkeys include:
- Google: All Google accounts. Enable at myaccount.google.com → Security → Passkeys.
- Apple: Apple ID and iCloud. Passkeys sync via iCloud Keychain across all Apple devices.
- Microsoft: Microsoft accounts and Windows sign-in via Windows Hello.
- Amazon: Enable in Account Settings → Login & Security → Passkeys.
- PayPal: Available in Account Settings → Security → Passkeys.
- GitHub: Settings → Password and authentication → Add a passkey.
- WhatsApp, LinkedIn, TikTok, Uber, eBay, Adobe, Best Buy, Shopify, Nintendo, Kayak, X (Twitter), Yahoo — all support passkeys.
For a complete, up-to-date directory, visit passkeys.directory.
How to Set Up Passkeys
Apple (iPhone, iPad, Mac)
- Passkeys sync automatically via iCloud Keychain across all devices signed into the same Apple ID.
- When a supported site offers passkey creation, your device prompts you to save one.
- Authentication uses Face ID, Touch ID, or device passcode.
- Requires iOS 16+, iPadOS 16+, or macOS Ventura+.
Google (Android, Chrome)
- Passkeys are stored in Google Password Manager and sync across Android devices.
- Go to myaccount.google.com → Security → How you sign in → Passkeys to create one for your Google account.
- Authentication uses fingerprint, face unlock, or screen lock.
- Requires Android 9+ and Chrome 109+.
Windows
- Windows Hello handles passkey authentication via PIN, fingerprint, or facial recognition.
- Passkeys can be stored locally or synced via a password manager.
- Requires Windows 10 (with updates) or Windows 11.
Passkeys and Password Managers
Password managers have embraced passkeys, solving the cross-platform sync problem:
- 1Password: Stores and syncs passkeys across all platforms (iOS, Android, Windows, Mac, browser extensions).
- Bitwarden: Passkey storage and cross-platform sync in all plans.
- Dashlane: Full passkey support with cross-device sync.
Using a password manager for passkeys means you are not locked into one ecosystem — your passkeys work on Apple, Android, and Windows devices equally.
Current Limitations
- Not all services support passkeys yet. You still need passwords for many accounts. Keep your password manager.
- Account recovery can be harder. If you lose all your devices and have no backup, recovery requires the service's fallback process (which may still use email/SMS).
- Cross-platform sync depends on your setup. Apple-to-Android sync requires a third-party password manager. Native passkeys don't sync between ecosystems.
- Some older devices lack support. FIDO2 requires relatively recent hardware and software.
Should You Switch to Passkeys?
Bottom Line
Enable passkeys on every service that supports them. Keep your password manager for services that don't. Passkeys are the single biggest improvement in consumer authentication security since two-factor authentication. They are not experimental — they are production-ready and endorsed by Apple, Google, and Microsoft.
Frequently Asked Questions
What happens if I lose my phone?
If your passkeys are synced via iCloud Keychain, Google Password Manager, or a third-party password manager like 1Password or Bitwarden, they are available on your other devices and can be restored when you set up a new phone. If you only had passkeys on a single device with no sync, you will need to use the service's account recovery process.
Are passkeys more secure than passwords with 2FA?
Yes. Passkeys are inherently two-factor: something you have (your device) and something you are (biometric) or know (PIN). They are also phishing-resistant — a fake website cannot intercept a passkey the way it can capture a password and 2FA code. Passkeys eliminate the most common attack vectors against passwords.
Can passkeys be hacked?
Passkeys are extremely resistant to remote attacks. There is no shared secret to intercept, no password to guess, and no code to phish. The private key is stored in secure hardware (like Apple's Secure Enclave or Android's Titan chip). Physical access to your unlocked device would be required to misuse a passkey.
Do passkeys work across Apple and Android?
Native passkeys (iCloud Keychain or Google Password Manager) do not sync between Apple and Android. However, third-party password managers like 1Password, Bitwarden, and Dashlane sync passkeys across all platforms. If you use devices from multiple ecosystems, use a cross-platform password manager for your passkeys.
Should I delete my passwords after setting up passkeys?
No. Keep your passwords as a backup until you are confident in your passkey setup and recovery options. Many services still accept both passwords and passkeys. Over time, as passkey support becomes universal, passwords will become less necessary, but we are not there yet.