Passkeys are replacing passwords. They’re faster to use, harder to hack, and work across your devices. This guide shows you exactly how to create a passkey, why you’d want one, and how to use it on sites and apps that support them.
What Is a Passkey?
A passkey is a digital credential that unlocks your accounts without needing a password. Instead of typing characters, you use something you already have: your fingerprint, face, or a PIN on your phone, laptop, or security key.
When you create a passkey, your device generates two matched codes. One stays private on your device. The other goes to the website or app. When you log in, your device proves it’s really you, without ever sending your passkey across the internet.
This is different from passwords because no secret string of characters exists that someone could steal or guess.
Why Create a Passkey?
Before we explain how, understand why you might want one:
Security: Passkeys can’t be phished. Hackers can’t guess them. They can’t be stolen from databases.
Speed: No typing required. Unlock in seconds with your face or fingerprint.
Convenience: One less password to remember. Your device handles the complexity.
Cross-device access: Your passkey works on your phone, laptop, and tablet if set up correctly.
Sites like Google, Microsoft, Apple, Amazon, and Uber now let you create passkeys. Major banks are adopting them too.
How to Create a Passkey: Step by Step
The exact steps vary by site and device, but the general process is the same.
Step 1: Check If the Site Supports Passkeys
Not every website accepts passkeys yet. Look for:
A “passkey” option in account settings or sign-up screens. Language like “unlock with face,” “unlock with fingerprint,” or “use a security key.” A small icon showing a key or biometric symbol.
You can create passkeys on Google, Microsoft, Apple, Amazon, GitHub, PayPal, and many others. More sites add support each month.
Step 2: Go to Your Account Settings
Log into your account the normal way first (password or email link).
Find your account settings or security section. This is usually under a profile menu, settings icon, or account tab.
Look for options like “Security,” “Sign-in options,” or “Passkeys.”
Step 3: Start the Passkey Creation Process
Click the button to add a passkey or enable passwordless sign-in.
The site will ask you to authenticate one more time to confirm it’s really you. This might mean entering your password or getting a code sent to your email.
You may see options like:
Create a passkey on this device Use a passkey from another device Add a security key as your passkey
Choose what works for you.
Step 4: Authenticate with Your Device
Your phone, laptop, or security key will prompt you to prove your identity.
On most modern devices, this means:
Fingerprint: Place your finger on the sensor. Works on phones and some laptops.
Face recognition: Look at your camera. Works on most newer phones and some laptops.
PIN or pattern: Enter a number or pattern you set up. Works on any device.
Security key: Insert a physical key or use one that connects via Bluetooth. These are the most secure option.
Choose whichever method your device supports.
Step 5: Name Your Passkey (Optional)
Some sites let you name your passkey. You might call it “iPhone,” “Work Laptop,” or “Security Key 1” if you create multiple passkeys.
Naming helps if you use passkeys on several devices.
Step 6: Confirm and Save
Review the details and confirm. The site will show a success message.
Your passkey is now created and linked to that account.
You don’t need to do anything else. The site has stored its copy of your public key, and your device keeps its private copy safe.
Creating Passkeys on Different Devices
On iPhone or iPad
- Go to Settings > Passwords (or Settings > [Your Name] > Password & Security on newer versions)
- Tap “Add a Password or Passkey”
- Scan the QR code shown by the website or app, or tap the link
- Verify with Face ID or Touch ID
- The passkey is created and synced to your iCloud Keychain
Your passkey syncs across all your Apple devices through iCloud.
On Android
- Open the Settings app
- Go to Google Account > Security > Passkeys
- Tap “Create passkey”
- Tap the link or scan the QR code from the website
- Verify with your fingerprint, face, or PIN
- Confirm the passkey
Android syncs your passkeys through Google, so they work on any Android device signed into your Google Account.
On Windows
- Go to Settings > Accounts > Sign-in options
- Find the section for Passkey or Windows Hello
- Click “Create a passkey” or “Add a passkey”
- Follow the on-screen prompts
- Use Windows Hello (face or fingerprint) or a PIN to confirm
- Name the passkey if prompted
On Mac
- Open System Settings > General > Passwords
- Click the plus button to add a passkey
- Scan the QR code or click the link from the website
- Verify with Touch ID, Face ID, or your Mac password
- The passkey is saved to your iCloud Keychain
Using a Physical Security Key
If you prefer a hardware key:
- Insert the key or connect it via USB/Bluetooth
- Follow the website’s passkey creation flow
- When prompted, touch or interact with the key to confirm
- The site registers your key as the passkey
You can use keys like Yubico or Google Titan. Physical keys work with almost any site that supports passkeys.
How to Use Your Passkey to Log In
Once you’ve created a passkey, using it is straightforward.
Standard Login Flow
- Go to the website or app login page
- Enter your email or username
- Look for a “Use a passkey” or “Sign in with passkey” button
- Your device asks you to verify (fingerprint, face, or PIN)
- You’re logged in
The entire process takes seconds.
Backup Codes and Recovery
When you first create a passkey, some sites give you backup codes. Save these somewhere safe, like a password manager or physical notebook.
If you lose your device and can’t access your passkey, you’ll need these codes to recover your account.
What Happens If You Lose Your Device
If your passkey was synced to the cloud (through iCloud, Google, or Microsoft), sign into that account on a new device and your passkey is available.
If your passkey wasn’t synced, use your backup codes to access your account again. Then create a new passkey on your new device.
Multiple Passkeys on the Same Account
You can create more than one passkey per account.
Why you might do this:
Have a passkey on your phone and your laptop Keep a security key as a backup Maintain both a work device and personal device
How to add another passkey:
Go back to account settings where you created the first one Click “Add another passkey” Follow the same creation steps Name it differently so you remember which device it’s on
Most sites let you manage all your passkeys in one place. You can delete old ones, rename them, or disable them if a device is lost.
Passkeys vs. Passwords
| Feature | Passkey | Password |
|---|---|---|
| Vulnerability to phishing | Nearly impossible | Very vulnerable |
| Database breaches | Safe even if breached | Compromised immediately |
| Forgetting it | Not possible | Common problem |
| Time to log in | 2-5 seconds | 10-30 seconds |
| Needs backup method | Yes, backup codes | Sometimes recovery email |
| Works across devices | Yes, if synced | Yes, if remembered |
| Setup difficulty | Easy on modern devices | Simple but forgettable |
Common Issues and Solutions
Issue: The website doesn’t show a passkey option
Solution: The site may not support passkeys yet. Check if there’s a beta option for passkeys or check back in a few months as adoption grows.
Issue: My passkey won’t work on my new phone
Solution: If you didn’t sync it to the cloud, you’ll need to either sign in with your backup code and create a new passkey, or sign in on your old device and re-register the passkey.
Issue: I see a “passkey not recognized” error
Solution: Make sure you’re using the correct biometric (the same fingerprint you registered, for example). If it still fails, use a backup code to access your account.
Issue: Can I use the same passkey on multiple websites?
Solution: No. Each passkey is unique to one account on one website. But you can have a passkey on your phone that works on all your accounts through that phone.
Issue: What if I need to log in from a friend’s computer?
Solution: Use a backup code instead. Passkeys work best on devices you own and have set up.
Frequently Asked Questions
Are passkeys really more secure than strong passwords?
Yes. Passkeys can’t be phished, guessed, or stolen in database breaches. A strong password of 16 characters is still vulnerable to these threats. Passkeys eliminate the attack vectors that passwords have.
Can someone steal my passkey?
Only if they have access to your unlocked device. Passkeys are encrypted and stored locally. They don’t travel across the internet. Even if someone gets into the website’s database, they can’t use the stored public key to impersonate you.
Do I need a passkey on every account?
No. Start with accounts that matter most: email, banking, social media. Other accounts can stay with passwords for now. As more sites support passkeys, you can gradually switch over.
What’s the difference between a passkey and biometric authentication?
Your biometric (fingerprint, face) is how you unlock your passkey on your device. The passkey itself is the cryptographic credential. You unlock the credential with your biometric, and the passkey authenticates you to websites.
Can I use a passkey on someone else’s device?
Passkeys are designed for devices you own. If you must log in on a shared device, use a backup code or password instead, then sign out immediately. Never save a passkey on a device you don’t control.
Summary
Creating a passkey takes about two minutes and offers serious security improvements over passwords. Start with an account that matters to you: your email, bank, or social media. Most modern phones, laptops, and tablets support passkeys now.
The process is simple: authenticate with your device, confirm the creation, and you’re done. Your passkey works instantly on future logins, and you’ll never have to remember another complex string of characters.
Passkeys are the future of account security. The more accounts you move to passkeys, the safer your digital life becomes.
