Don't change your passwords ― delete them! How to login on iPhone, Android, and Windows with passkey instead

All products are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more

GETTY IMAGES
Aaron Brown

By Aaron Brown


Published: 15/04/2024

- 09:09

Updated: 15/04/2024

- 09:09

Passkeys are a secure alternative to traditional passwords

Imagine a world without the headache of forgotten passwords, the strain of dreaming up a different password for every online account, and the anxiety of getting hacked. Believe it or not, this utopia is possible with passkeys — an industry standard co-created by Apple, Microsoft, and Google.

Passkeys will unlock your online accounts without the need to type a password. Instead, a supported device or app will check your identity using biometrics, like facial or fingerprint recognition, and then vouch for you to the website or mobile app that you're trying to access. And that's it.


If you pay using Apple Pay or Google Pay, check your bank balance on a mobile app, or unlock your PC using Windows Hello — you're already used to the convenience of biometrics. Passkeys bring that same simplicity and security to every login. No more forgotten passwords scribbled on Sticky Notes or tapping the "Forgotten Password?" prompt to desperately attempt to reset your login for the umpteenth time.

Let's be honest, traditional passwords are far from secure. They're easily guessed and frequently stolen.

In the last few weeks alone, we've seen security researchers unearth the so-called "mother of all breaches", with billions of stolen usernames and passwords for popular sites like LinkedIn, X (formerly Twitter), Telegram, and Dropbox. Not only that, but hackers used credential stuffing to break into half a million Roku accounts and spend money using saved payment details.

Even if you're fortunate enough not to be caught up in a data breach ...you could be using a password that fraudsters already know. Passkeys are slowly being adopted by the biggest online services and applications, with Elon Musk enabling support on X for iPhone owners just this week.

What is a passkey?

Passkeys were developed by the FIDO Alliance, an industry body with the stated aim of helping to "reduce the world’s over-reliance on passwords" with the likes of Apple, Google and Microsoft amongst its members. First promoted as an alternative to passwords back in mid-2022, the clever system relies on the same biometrics that allow you login to your iPhone, iPad, Windows PCs, Samsung phones and tablets, Android phones, and dozens more, without typing out a password or PIN.

Using the facial or fingerprint recognition built into your device, the operating system will then vouch for you to the app or website that you're trying to access — completely bypassing the need for a password.

If you're the sort of person who regularly finds themselves tapping the "Forgot Password?" prompt when trying to login to a website or app, passkeys could then perfect solution as there's nothing to remember. Since every account gets its own bespoke passkey, even if one of these services is hacked (as we've seen happen so often lately) there's no risk to your other accounts.

This removes one of the biggest threats to online security: when users rely on the same email address and password combination for multiple online accounts. It only takes one of these websites to be breached for some of the most important online services that you rely upon, including online banking, email, and shopping sites with saved card details, to fall like dominoes. This common hack is known as credential stuffing, and it's one of the reasons that fraudsters will spend money on leaked logins on the Dark Web.

Social engineering, which sees hackers correctly break into your profile by knowing real details about your life — mother's maiden name, the street you grew up on, first pet, and the like — to pass the account recovery steps, isn't possible with passkeys either.

How to use a passkey

If you find yourself on a website or app that supports passkeys — like X on iPhone — you'll be able to create an account that forgoes an old-fashioned password. During the process, you'll be asked to confirm your authenticator.

This is the service that will verify your identity. It can be a smartphone with biometrics, like Face ID or Touch ID on the iPhone, another mobile device, a laptop or desktop PC with Windows Hello, or a password manager. A number of the most popular password managers already support passkeys and will verify your identity and then autofill any login details on the website or app.

screenshot of nordpass with passkeys categories secured

NordPass, a popular password manager, has been updated to store encrypted passkey and synchronise these secure logins across all of your devices

NORDPASS PRESS OFFICE

iPhone, Android, Windows 10, and Windows 11 have all been updated to support passkeys.

Most often, these unique codes will be encrypted and stored online, using a service like iCloud or Google Password Manager, so you can authenticate your login from multiple devices. It also has the benefit of ensuring that all of your login details will be waiting for you if you upgrade to a new phone, laptop, or tablet in the future.

Password managers like 1Password, LastPass, or NordPass will keep your passkey safely stored across devices. These services offer apps dozens of the most popular devices, from smartphones to web browsers, so you'll always be able to login with a tap.

Some of these apps will rely on a single master password to secure your vault of login credentials, while others support fingerprint scanners and facial recognition.

Chrome, Edge, Safari and Firefox have all been updated to support passkeys. Just ensure you're running Chrome version 79 or higher, version 13 or newer for Safari, and Firefox version 60 or more recent.

LATEST DEVELOPMENTS

Which websites and apps support Passkeys?

  • Adobe
  • Amazon
  • Apple iCloud
  • Bitwarden
  • Binance
  • Coinbase
  • Dashlane
  • DocuSign
  • eBay
  • FreePrints
  • GitHub
  • GoDaddy
  • Google
  • Hancock.ink
  • KAYAK
  • LinkedIn
  • Microsoft
  • Nintendo
  • Nvidia
  • OnlyFans
  • PayPal (Mobile Apps Only)
  • PlayStation (Sony Account)
  • Robinhood
  • Roblox
  • Shopify
  • TikTok (iOS)
  • Uber
  • Virgin Media
  • WebAuthn.io
  • WhatsApp
  • WordPress
  • X / Twitter (iOS)
  • Xbox
  • Yahoo!
  • Yandex

You may like