What a passkey is
A passkey logs you in using a cryptographic key pair stored on your device. You don't need to create or remember a password — you unlock it with your fingerprint, face or PIN.
It's based on the FIDO2/WebAuthn standards and is being backed jointly by Apple, Google and Microsoft.
Why it's safer
The strengths of passkeys.
- There's no password to leak in the first place
- It works only on a specific domain, making it phishing-resistant
- Only the public key is stored on the server, so a leak is meaningless
- You unlock it on the device with biometrics or a PIN
How to use it
Supported services are growing quickly.
- Choose 'Create a passkey' in your account security settings
- Sync across devices with iCloud Keychain, Google's password manager and the like
- Register it on several devices and security keys to prepare for loss
When you still need a password
Not every service supports passkeys. Unsupported services still need a strong password and two-factor authentication, and using passkeys together with a password manager is the realistic best approach.