A passkey is a digital credential that is used as an authentication method for a website or application.[1][2][3] The passkeys standard is a type of passwordless authentication, promoted by the World Wide Web Consortium and the FIDO Alliance.[4] They are often stored by the operating system or web browser and synchronized between devices from the same ecosystem using the cloud,[1][5] however they can also be confined to a single device such as a physical security key.[2]
Passkeys are designed to be more convenient and phishing-resistant than conventional authentication methods.[4][6] They are normally secured using possession (of the device or security key), and often utilize biometrics as an additional security factor, neither of which require the user to memorize a password.
In marketing material, the terms passkey or passkeys are preferred over related terms such as FIDO or WebAuthn, because they are less likely to cause confusion.[7] It is a common misconception that passkeys are specific to Apple devices.[7]
The term passkeys was first popularized in June 2022 when Apple announced they would be adding support for the passkeys standard in iOS and macOS.[6][1] This was the first time that most people had heard the term, and many assumed that it was specific to Apple. However, the term is also used by other companies such as Microsoft and Google,[7] and therefore should be used as a common-noun (i.e. lowercase except when starting a sentence).[7][2][4] Google announced that Android and Google Chrome would support passkeys in October 2022[8] and support for personal Google Accounts in May 2023.[9]
Dashlane was the first company to support storing passkeys in a web browser extension, with the public release in August 2022,[5] followed by NordPass in February 2023.[10] In May 2023, Google anounced it is incorporating passkeys into its login services.[11]
Other password managers have plans to support this in the future.[12][13]