Security guide

Passkeys and Passwordless Login

What a passkey is

A passkey logs you in using a cryptographic key pair stored on your device. You don't need to create or remember a password — you unlock it with your fingerprint, face or PIN.

It's based on the FIDO2/WebAuthn standards and is being backed jointly by Apple, Google and Microsoft.

Why it's safer

The strengths of passkeys.

  • There's no password to leak in the first place
  • It works only on a specific domain, making it phishing-resistant
  • Only the public key is stored on the server, so a leak is meaningless
  • You unlock it on the device with biometrics or a PIN

How to use it

Supported services are growing quickly.

  • Choose 'Create a passkey' in your account security settings
  • Sync across devices with iCloud Keychain, Google's password manager and the like
  • Register it on several devices and security keys to prepare for loss

When you still need a password

Not every service supports passkeys. Unsupported services still need a strong password and two-factor authentication, and using passkeys together with a password manager is the realistic best approach.

Back to guides