What Are Apple Passkeys and How to Use Them

Are you tired of trying to keep track of all your online passwords? Or does the fear of being a victim of a phishing attack run through your head every time you log in to an application? If so, then Apple has some good news for you. Apple has eliminated the need for passwords with passkeys. In this guide, we cover what Apple passkeys are and how you can use them on a Mac, iPhone, and iPad.

What Are Apple Passkeys?

Before we dive into the anatomy of passkeys, let’s go over how traditional passwords work.

How Do Traditional Passwords Work?

When you register an account, you enter a username and password. The application’s (or website’s) server that you are logging in to stores this information. To log in to your account, you need to enter the username and password for the server to authenticate that it’s you who’s trying to gain access by matching the entered username and password with the stored credentials.

This is how we have been logging in to our accounts, and with the use of two-factor authentication, it has become quite secure. However, there are many points of failure when you log in with a password. For instance, you can be phished.

Tip: check out the best 2FA apps that will sync with multiple devices.

How Do Apple Passkeys Work?

Unlike regular passwords, where you enter a secret phrase and gain access to your accounts, passkeys do things a little differently. Instead of just having one secret phrase to log you in, passkeys require two secret phrases: one that is stored on your device and verifies your identity and another that’s stored on the application’s end that authenticates its legitimacy.

The secret key stored on your device is known as a private key, and the one stored on the application’s end is known as the public key. To log in to an application or website, your device will first check the application’s public key, and when it is verified, it will use the associated private key to authorize the sign-in.

All of this happens in the background, and you only have to verify your identity with Touch ID or Face ID. Since passkeys also verify the legitimacy of the application before using your secret key to log in, there is no chance of phishing or other hacking attempts.

Good to know: if you want to stay on top phishing and hacking attempts, you may need to change password, and maybe even your Apple ID.

Which Devices Support Passkeys?

Apple announced Passkeys for iOS 16, iPadOS 16, and macOS Ventura. If your device supports these updates, then you can use passkeys to log in. One thing to keep in mind is that passkeys are not Apple’s exclusive feature.

In fact, it was developed by the “FIDO (Fast IDentity Online) Alliance,” an open alliance of tech companies. They work to ensure that the reliance on passwords is decreased due to the threats they pose. It’s also a reason that another name for a passkey is FIDO authentication.

Google also announced that passkeys would be available in Android by the end of 2022 for developer testing. Windows will be getting support for passkey in the near future as well.

Tip: If you’re worried about your passwords in Google, learn how to use the Google password manager in Chrome.

How to Use Apple Passkeys on Your iPhone, iPad, and Mac

To get started, you need to enable iCloud Keychain, as it syncs Apple passkeys across all of your Apple devices. To enable Keychain on your iPhone or iPad, head to “Settings -> [Your name] -> iCloud -> Keychain,” then toggle on “iCloud Keychain.”

How to Enable Passkeys on Mac

Follow these steps below to use Apple Passkeys on your Mac:

1. Click the Apple icon in the top-left corner of the screen and select “System Settings” from the drop-down menu.

2. From the panel on the left, click your name and profile picture at the top to access the Apple ID section.

3. Toggle on “Keychain.”

When you enable iCloud Keychain, it may ask you to authorize with two-factor authentication. If you haven’t set up 2FA, you need to before enabling the Keychain.

How to Set Up Apple Passkeys on Mac

Apple has made the transition from old-school passwords to passkeys very seamless. It uses Autofill to type your information and Touch ID or Face ID for biometric verification. Follow the instructions below to create an Apple passkey:

1. Head to the website or application that supports FIDO authentication (or passkeys).

2. Click “Register,” “Sign Up,” or “Sign In,” based on what you would like to do.

3. Enter your information or use Autofill to do it for you.

4. You will be asked to save a passkey for that website. Click “Save Password” and verify using Touch ID or Face ID.

Following the verification, the system will create a passkey for that website or application. The next time you want to log in using Apple passkeys, click “Continue” to select passkeys as the mode of authentication, then use Touch ID or Face ID as biometric verification.

How to Enable Passkeys on iPhone or iPad

Before you start using passkeys to log in to applications or websites on your iPhone or iPad, you’ll need to make sure iCloud Keychain is enabled. Follow the steps below:

1. Open the settings app on your iPhone or iPad and scroll down to the “Passwords” menu.

2. Tap “Password Options.”

3. Make sure “Autofill Passwords” is turned on and enable “iCloud Passwords & Keychain” from the menu below.

After enabling iCloud Keychain, Apple will ask you to authorize this action with two-factor authentication. If you haven’t set up 2FA already, do that before you enable Keychain.

Good to know: Are you using an iPhone with Windows? Follow this tutorial to learn how to use your iCloud Keychain on Windows.

How to Set Up Apple Passkeys on iPhone or iPad

Whether you’re creating a new account on a site/application or upgrading a preexisting one to use a passkey, the transition is quite simple. The only catch is that the app or website needs to have official support for passkeys.

Follow these steps to create a passkey on iPhone or iPad:

1. Go to the application or website that supports Fido authentication (or passkeys).

2. Tap “Register,” “Sign in,” or “Sign up,” depending on the situation.

3. Enter your information or let Autofill do it for you.

4. After entering the information once, Apple will ask if you want to save a passkey for the site or application.

5. Tap “Continue” and Apple will verify this change by using Touch ID or Face ID.

After the verification, Apple will create a passkey for that application or website. This passkey is synced across all of your Apple devices. The next time you sign in to the app or website, tap “Continue” to use a passkey as authentication. Your device will use Face ID or Touch ID for biometric verification and log you in.

FYI: did you forget your Apple Watch passcode? Learn how to reset your Apple Watch without it.

How to Recover Your Apple Passkey If You Lose Your Device

If you lose your device that has the passkey, you can use your other devices to sign in, as, again, the iCloud Keychain syncs passkeys across all Apple devices.

However, if you lose your only Apple device, you need to use the iCloud Keychain escrow to recover the passkey. iCloud Keychain escrow uses a secure infrastructure to ensure that only an authorized person recovers the lost passkey.

To recover your Apple passkey using another (or a new) Apple device (Mac, iPhone, or iPad):

1. Authenticate your identity by logging in to your iCloud account. If the device is not trusted, you may also receive an authentication SMS on your trusted phone number that you will have to enter before you’re logged in to your iCloud account.

2. Enter your device’s password.

3. Your passkeys will now be restored to the new device after verification.

Note that you only have 10 attempts to authenticate your identity, after which, iCloud will permanently delete the escrow and Keychain records. This security measure provides protection against a brute-force attack.

Tip: Learn how to make Safari on iOS save your passwords.

Frequently Asked Questions

How can I use passkeys on a non-Apple device?

If a website passkey is stored on your iPhone, you can still sign in to that website from a non-Apple device. Click “Other Sign-In Options” when logging in to generate a QR code. Next, scan the QR code with your iPhone and authenticate the passkey using Touch ID or Face ID.

Can Apple read the passkeys?

Apple cannot read the passkeys, as they are stored in the iCloud Keychain. Along with being synced across all of your Apple devices, they are also end-to-end encrypted.

Are passkeys a complete replacement for all online passwords?

Even though passkeys have the potential to completely replace all online passwords, they require some serious changes from the websites and applications to create and share the public keys. However, once a website or application has added FIDO support, you can use passkeys as a sign-in option.

Image credit: Unsplash. All screenshots by Hashir Ibrahim.