Chances are that many of you are already familiar with passkeys. Many people are still not, however. The term ‘passkey’ has been very difficult to miss in the last couple of years, especially if you’re reading about tech. That term is also often used in relation to passwords, as many people have been saying it will end passwords. So it has to be important, right? Well, it kind of is, but it seems to be confusing quite a few people. In this article, we’ll try to explain what passkeys are and provide you with a bevy of information on them.
What are passkeys?
Passkeys are basically alternatives to passwords that are supposed to keep your accounts even more secure. They’re also easier to use than passwords. Sounds wonderful, doesn’t it? Passkeys are basically different login credentials that allow you to log into your favorite sites and services. They rely on public-key cryptography instead of your username and password. In other words, you don’t need to remember anything, as long as you’re logging into sites/services from a device you already own. Your devices basically get a single-use logic credential every time you sign in to an account. That way, they cannot be stolen or anything of the sort, so they’re more secure than passwords.
- What are passkeys?
- Who created passkeys?
- Why do passkeys exist?
- Who are passkey providers?
- What apps use passkeys?
- How do passkeys work?
- What happens when you change a device?
- Where can you use passkeys?
- Are they expected to replace passwords?
Who created passkeys?
Why do passkeys exist?
Passkeys exist because passwords have become a problem, basically. People have a habit of using the same weak passwords repeatedly, which creates a security problem. That’s why companies have started introducing various demands for passwords. Demands such as including letters, numbers, and symbols, all three to be included in a password. On top of that, they started requiring specific lengths for passwords, and so on. Needless to say, that created a problem for users on a different level. They had to make up new passwords depending on requirements from various websites, which in turn created more and more different username and password combinations, which are really difficult and annoying to keep track of. On top of that, they’re vulnerable to phishing scams. Also, if your password manager provider messes up, your login credentials are at risk. The bottom line is, passwords have become an issue, hence the introduction of passkeys.
Who are passkey providers?
A passkey provider is an entity that enables the creation, management, and use of passkeys, basically. There are first-party and third-party passkey providers. First-key party passkey providers are operating systems that enable passkey creation and management, like iCloud Keychain and Google Password Manager, for example. Third-party password managers basically integrate with the platform through APIs, these are 1Password, Dashlane, NordPass, Proton Pass, Samsung Pass, and more.
What apps use passkeys?
Accounts need to support passkeys in order for them to work, of course. Not many of them do, but the major players in the industry do support them, at least in the tech world. Google, Microsoft, PayPal, TikTok, and so on. So as long as you log in through your Google Account, for example, you can use passkeys. There are a ton of companies involved, and the vast majority of them are clinging to passwords. It wasn’t easy for the FIDO Alliance to get passkeys to the point where they are at the moment. Passwords are far from being dead.
How do passkeys work?
Let’s say you want to use Google as your first-party passkey provider. In that case, things go through the Google Password Manager. Google will need to confirm your authenticator for passkey logins , which can be your smartphone, tablet, or perhaps your desktop PC. Private and public keys are generated by your authenticator, and the public key is stored on a company’s website for when you want to login. A private key remains a secret, and it ends up being stored on your device.
Once it’s time for a login, your passkey provider will send a challenge to the authenticator, and it will be up to your private key to solve it and then send a response back to the server. Once that is done, you’ll be able to access the account you’ve been trying to log into. From a user perspective, you can set things up so that only your fingerprint is required on your smartphone, and that’s it.
What happens when you change a device?
So, considering passkeys are tied to your device, e.g., a smartphone, you may be wondering what happens if you change your smartphone, upgrade to a new one. With passwords, that’s not exactly a problem, as you’re supposed to remember them, so you can simply type them in elsewhere. Well, it’s not exactly a problem with passkeys either. You can easily transfer them to your new device.
On Android, for example, when you set up your new phone, your end-to-end encryption keys will be transferred to it, along with the rest of your data. Just make sure that you do actually transfer your data. If you’re wondering what happens if you damage or lose your device and are unable to access its data, well, that’s not a big deal either. You can still recover your passkeys from an online backup. You will need to provide your PIN, password, or pattern in order to do that, though, of course. On iOS, the process is a bit different, but it’s also not a problem to recover your passkeys.
Where can you use passkeys?
Tons of sites and services support passkeys at this point in time. The situation is much better than it was a couple of years ago. If you’re still wondering what the exact list is, 1Password actually has a really nice directory, a list if you will. You can access it by clicking here , and it’s also searchable. So if you’re wondering if some specific site/service supports passkeys, type it in, and voila. Or you can simply scroll through the list, which is alphabetical. Either way, you’ll easily get the information you need.
Are they expected to replace passwords?
Many people have been saying that passkeys will replace passwords. That doesn’t mean passwords will go fully extinct, but that passkeys will be used as a predominant method of login. That was the whole purpose of their creation after all. Will it happen, though? Well, that remains to be seen, as the usage hasn’t really spread as fast as FIDO would like. People still mostly use passwords, even though passkeys are, indeed, an easier and technically more secure method of login. We’ll see how things will go in the coming years, but it seems like FIDO is sticking to the plan.
Updated August 7, 2024:
Google has decided to update Passkeys UX on Chrome for Android . The user interface looks quite a bit different now. Chrome on Android now integrates the Credential Manager, so it allows third-party password managers to provide passkeys on Android 14 and later. You can see the differences in the UI design in the gallery below, side by side. It does look more streamlined now.
Updated September 20, 2024:
One of the most popular social media networks, X (formerly known as Twitter), decided to add passkey logins for Android users . That option was already available for iOS users, from January. That’s when it launched in the US, while the rest of iOS users received the option back in April. It’s finally Android’s time.
Google is also making it easier to use passkeys across your devices . You are now able to save passkeys to Google Password Manager from Windows, macOS, Linux, and Android. ChromeOS support is also coming soon, by the way. Once they’re saved, they’ll automatically sync across your devices, so all you’ll have to do is scan your fingerprint. Until now, you could only save passkeys to Google Password Manager on Android. Using it on other devices requires you to scan a QR code.
Updated June 5, 2025:
Based on a survey by Morning Consult, Gen Z and Millennial users are far more likely to use passkeys. Gen X and Baby Boomers are leaning towards older log in methods aka passwords. What’s also interesting is that only about 30% of Gen X and Baby Boomers use social log-ins daily. Bitwarden has reported that around 30% of Gen Z users often forget passwords to important accounts. The findings are quite different from one generation to the next, and that is to be expected. They usually are when it comes to technology.
Updated January 2, 2026:
Telegram, a well-known messaging app, has received passkey support . Users can now create a passkey to instantly log into their accounts without needing an SMS code or password. All you need to do is navigate to Settings within the app, and then locate the ‘Privacy and Security’ section. There you’ll see the ‘Passkey’ option. Once you tap ‘Create Passkey’, the app will generate a unique cryptographic passkey tied to your account, which will be stored on your device. Once you do that, you’ll be sign in using your fingerprint or face scan without a problem.
