What Is a Passkey? Here’s How to Set Up and Use Them (2025)

In nan arena your instrumentality is mislaid aliases stolen, you tin reconstruct your passkeys utilizing nan relationship you created it with. For instance, Google allows you to shop passkeys successful nan Google Password Manager and sync them crossed your devices. Windows and iCloud Keychain only activity connected their respective operating systems, but they're tied to your Microsoft and Apple accounts, respectively.

Are Passkeys Safe?

Passkeys are safe, moreover much truthful than a long, random password. When you motion successful pinch a passkey, you nonstop a fistful of accusation to nan work you’re signing into, including your nationalist key, which is stored arsenic a practice of you arsenic a user. This accusation unsocial doesn’t do anything.

On nan instrumentality wherever you created nan passkey, you'll person to prosecute successful a “challenge” to unlock your backstage key, usually immoderate shape of biometric authentication. If nan situation is successful, it’s signed and sent backmost to nan work you’re trying to log into. That situation is past checked against nan nationalist key, and if it’s a match, you’re fixed access. Critically, this authentication happens connected your device, not connected a server acold away.

Although biometric authentication is really you'll typically interact pinch passkeys connected a mobile device, it's not a requirement. On Windows, for example, you request to authenticate pinch Windows Hello, which tin usage your device's PIN. On Android, you tin usage a pin aliases pattern.

With a password, there’s a ton of room for an attacker to perchance bargain your password. Data breaches mightiness expose your password, and moreover if it’s encrypted, it tin beryllium cracked. Phishing schemes are an easy vector of onslaught for hackers looking to bargain passwords. And, if you’re utilizing a work pinch spotty information practices, you could person a password exposed arsenic plaintext successful a breach; location are dozens and dozens of examples of this happening before.

Passkeys vs. 2FA and MFA

Passkeys are tricky because they alert successful nan look of information conventions that person been astir for years—namely, two-factor (2FA) aliases multifactor authentication (MFA). Although you don’t request to plug successful a codification from a matter aliases transcript thing complete from an authenticator app, passkeys inherently usage multifactor authentication. It conscionable happens truthful accelerated that it’s easy to miss.

MFA is astir adding further layers of protection beyond your password. Instead of conscionable your password, you request it and a codification texted to you, for example. Passkeys already activity that way. You request to lucifer nan public-private cardinal pair, but you besides request to authenticate that you person entree to that backstage key. It’s not “something you cognize and thing you own,” arsenic 2FA is usually described, but it’s still 2 layers of authentication.

Here's really Shikiar describes it: “When you motion in, nan work issues a cryptographic situation that tin only beryllium answered pinch nan backstage cardinal connected your device, verified by thing you person (like your telephone aliases laptop) and often thing you are (like a biometric). The consequence is simply a phishing-resistant login pinch nary reusable credentials to steal.”

Devices and Browsers That Support Passkeys

Passkeys are broadly integrated astatine an operating strategy level. If you’re utilizing an OS that doesn’t natively support passkeys—i.e., Linux—you tin still usage them. However, you’ll request to usage different device, for illustration your phone, to scan a QR codification and authenticate yourself, aliases a third-party password manager.

Here are nan operating systems that afloat support passkeys: