The predominant way of signing on to a service is an alphanumeric password. Over the years, physical security keys have emerged to offer a more secure method of logging in to accounts or a device. But thanks in no part to hackers breaching the conventional password system with tactics like email phishing and keylogging (among other techniques), solutions like authenticator apps and two-factor verification emerged.
But each solution comes with its own set of drawbacks, with ease of usage being one of them. Even with two-factor authentication, the arrival of the 2FA code depends on cellular connectivity. To solve these security shortcomings, tech giants — including Microsoft, Google, and Apple — joined hands to pioneer a system of passwordless sign-ins.
What are passkeys?
The solution was passkeys, a system that ditches passwords in favor of more secure on-device verification methods like face match, fingerprint verification, or even the PIN that users enter to unlock their phone. The idea is to get rid of the system of passwords and, with it, all the risks and hassles that come with it. Plus, passkeys also remove two-factor authentication from the equation because passkeys are essentially a confirmation that you are in ownership of your device.
Developed in collaboration with the FIDO Alliance and the World Wide Web Consortium (W3C), passkeys are finally ready to end your password sign-in woes across all your computing devices, including smartphones. If all that sounds convenient and reassuring, read on to learn the steps for enabling the passkey system on your phone and tablet.
What you need to enable passkeys
Passkeys can be enabled on both mobile and desktop platforms. If you seek to enable passkeys on your smartphone, make sure that it is running at least iOS 16 or Android 9. Also, if you are planning to use a physical security key, like those made by Yubico, make sure that is at least FIDO-2 certified.
In order to set up passkeys on desktop, make sure that your PC is running Windows 10 or macOS Ventura. Plus, the browser of your choice must also be updated to Edge v109, Chrome v109, or Safari v16, or a later version. The final requirement is that your device must already have a screen lock set up and should support Bluetooth connectivity, as well.
If you aim to enable the passkey system on your iPhone or iPad, they are stored as part of your iCloud Keychain and also sync across all devices on which you have signed in with the same Google account. Thankfully, you can recover your passkeys if you ever lose or misplace your device.
All you need to do is access your Google account and enter the authentication key — PIN code, pattern, or password — of your lost device. However, do keep in mind the passkeys stored on a physical security key can’t be recovered if the device is lost.
Another important aspect to keep in mind is that you should enable passkeys on your personal devices only.
How to create a passkey on your phone or tablet
Since we are dealing with mobile platforms here, we’ll focus on Android and iOS. If you are an Android phone user, passkeys are stored in your Google Password Manager, and they are synced between all devices with the same Google account signed in. For Apple device owners, it’s the iCloud Keychain that lends a helping hand.
The steps for creating a passkey are largely the same for most websites, though there may be some subtle differences depending on which site/app you’re making a passkey for. As an example, here’s a step-by-step guide for creating a passkey for your Google account — on both Android and iOS.
Step 1: On your phone, open the web browser of your choice and open the passkey website. You will now land on a page where you need to sign in with your Google account.
Step 2: Depending on your two-factor authentication, you will get an email notification and/or a Google notification prompt asking you to verify whether it was really you that entered the password and tried to log in. If you haven’t enabled two-factor authentication, you will directly be taken to the next page after entering the password.
Step 3: On the passkey’s set-up, you will see a list of all the devices on which you have signed in. For some of the devices, passkeys have been automatically created because Android devices automatically create passkeys when you access your Google account. For others, like an iPhone or iPad, you need to tap on the blue Use passkeys button.
Step 4: After you tap on the blue button and verify the iCloud keychain prompt, a prompt will appear on the screen telling you that a passkey has been created for the device. Tap on the blue Done, and you’re good to go. Next time you try to access your Google account, your device will verify your identity with a face scan, fingerprint authentication, or screen lock.
Step 5: You can verify a passkey has been created for your iPhone or iPad by going to Settings and following this path: Passwords > google.com > Passkey Options. If the passkey has been created, you will see Created Today written against the passkey option.
Passkeys are a great security addition because they lock your account credentials and rely on the unique identity of the device in your hand. If you are selling your device or switching to another, you can always delete the passkey from your iPhone’s Settings section or by visiting the device dashboard of your Google account.