Passwords have always been a bit of a mess. If they’re simple, they’re easy to guess. If they’re strong, you’ll probably forget them. Most people reuse them anyway, which makes things worse.
Passkeys are meant to replace that system.
What A Passkey Actually Does
A passkey is stored on your device and used to log you in without typing a password. When you try to sign in, your phone or computer recognises the account and asks you to confirm your identity using Face ID, a fingerprint or a PIN. Once verified, you’re logged in.
Behind the scenes, this works using a pair of cryptographic keys. One stays on your device, and the other is stored with the service you’re logging into. They only work together, which is why passkeys can’t be copied or reused like passwords.
Why People Are Moving Away From Passwords
Passkeys remove a few common risks. They can’t be guessed, they aren’t reused across sites, and they don’t work on fake websites. If you land on a phishing page, your device simply won’t offer the passkey because the domain doesn’t match.
They’re also not exposed in the same way during data breaches, since there’s no stored password to steal.
Where Passkeys Are Stored
Most people will use the default system on their device. Apple devices store passkeys in iCloud Keychain, Android and Chrome use Google Password Manager, and Windows stores them through Microsoft accounts. These usually sync across your devices as long as you’re signed in.
If you want more flexibility across platforms, password managers like 1Password or Bitwarden also support passkeys. There are also hardware options like YubiKey, which store them offline.
How To Start Using Passkeys
You can only use passkeys on services that support them, but adoption is growing. Look for the option in account or security settings on platforms like Google, Microsoft, Apple and PayPal.
Setting one up usually takes a few seconds. You choose the passkey option, confirm your identity using your device, and it’s saved automatically. The next time you log in, your device will prompt you to use it instead of asking for a password.
Using A Passkey On Another Device
If you’re logging in on a device that doesn’t have your passkey, you may see a QR code. You scan it with your phone, confirm your identity, and you’re logged in. The passkey itself isn’t transferred and stays on your original device.
Passkeys are still being rolled out, so not every site supports them. Some services still require passwords as a backup, and the experience can vary depending on the device you’re using. It can also be unclear where your passkey is stored if you use multiple devices or managers.
They also depend on your device security. If someone gains access to your unlocked phone or laptop, they may be able to use your passkeys, so features like screen lock and biometric protection remain important.
So if a service offers passkeys, it’s worth enabling them. You don’t need to replace everything at once, but using passkeys where available reduces reliance on passwords and simplifies the login process.
