Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
The first post of this thread is a WikiPost and can be edited by anyone with the appropiate permissions. Your edits will be public.

ipedro

macrumors 603
Original poster
Nov 30, 2004
6,347
8,947
Toronto, ON
Sign In with Apple was the precursor for Passkeys. Given the way it's been engineered, it looks like all of those that have added support for Sign In with Apple will work from the get go with Passkeys – if not directly, then through Sign In With Apple which will look and act the same when logging in with an Apple device. Outliers that refused to jump on the bandwagon will more likely join Passkeys since it's endorsed by Google and Microsoft via the FIDO Alliance.

Please edit this Wiki to add websites and apps that support or have announced support for Passkeys:

Supports Passkeys:

  1. PayPal
  2. GoDaddy
  3. eBay
  4. Kayak
  5. Shopify
  6. Google
  7. Github
  8. Nintendo
 
Last edited:
eBay web site supports passkeys. I don’t know since when, but it prompted me to create a passkey yesterday, although it doesn’t seem to work with the app yet, so don’t delete your password just yet.
 
When I signed in with PayPal a couple weeks ago on my iPhone it gave me the option to create a PassKey for login on my iOS device. I selected the option to test it out and it works. The passkey appears in my Settings app too.
 
When I signed in with PayPal a couple weeks ago on my iPhone it gave me the option to create a PassKey for login on my iOS device. I selected the option to test it out and it works. The passkey appears in my Settings app too..
I tried just now and neither the app nor the website prompted me to create a passkey
 
Last edited:
  • Like
Reactions: Shifts
Weird. eBay won’t ask for my passkey anymore. Maybe they were just testing it.
 
Individual websites have to be coded to use Passkeys... which hardly any are. I suspect this will take years before it is widely implemented across the web (beyond Apple-centric sites).
 
GoDaddy has rolled out Passkey support. D98BF2A5-F11F-4604-8B4B-1605CCFFEC3C.jpeg
 
  • Sad
Reactions: eTip
Google has support for Passkeys but it’s still a little janky. It thinks it’s a removable key and sometimes asks you to “remove the key and plug it back in”.

9607F9A3-D5BA-4D92-9143-3DD2897EC832.jpeg
 
True passkey support replaces both the password and any second-step/multi-factor authentication steps when logging in. Google’s current security key support is a form of 2-step verification that’s only presented after entering a password.

Webauthn credentials and the browser/OS trigger mechanisms are common to passkeys and FIDO 2SV security keys so the same or similar UI may pop when using both.

When Google publicly launches passkey support for Google accounts, after creating a passkey you won’t need to enter a password and the wording during the login flow should be much clearer you’re using a passkey.


I don’t have a GoDaddy account to test but ‘Email me a secure code’ isn’t consistent with passkeys.


The eBay login looks like the support they’ve had for an earlier form of password-less sign-in Apple’s supported since Safari 14 in 2020. It’s similar to passkeys in login flow, uses Webauthn and Touch/Face ID but credentials aren’t stored long-term or shared between devices with iCloud Keychain.
 
  • Like
Reactions: eTip and marc.s
Best Buy’s another site with Biometric Webauthn sign-in.

Ebay and Best Buy probably need minimal changes to be fully passkey friendly.
 

Attachments

  • BestBuyWebauthn.png
    BestBuyWebauthn.png
    190.2 KB · Views: 298
  • Like
Reactions: ipedro
Do we need to enable something in the settings? I have the latest beta version of iOS 16, and tried all these apps, and no one offered me to enable Passkey
Try eBay in the browser.. app not updated yet... and it will look like this...
 

Attachments

  • 1106531-cd5bf5ae1eaec3cfbf0866d3dcaf0993.jpg
    1106531-cd5bf5ae1eaec3cfbf0866d3dcaf0993.jpg
    11.3 KB · Views: 211
As highlighted by the video in this WebKit blog, kayak.com fully supports passkeys.

You can create an entirely passwordless account.

update: You can create a brand-new passwordless account. If you have a pre-existing kayak account with a password, or you add a password to your passwordless account, there’s currently no way to delete the password.

There are some other improvements Kayak should still make, like supporting auto-fill for email entry. They let you create multiple passkeys, which is good, but there’s no way to manage your multiple passkeys with names or delete them.

These are the little usability details that’ll separate good Passkey support from the great.
 
Last edited:
  • Like
Reactions: marc.s and dk001
Is anyone actually able to create a Passkey in PayPal yet? The app doesn't allow me to, and the website is so buggy (which is not surprising, it being PayPal) it dismisses the passkey prompt before I'm able to accept it.
 
  • Like
Reactions: Shifts
PayPal doesn’t support passkeys yet. Just a password and optional 2-step verification.

Many people have mistaken 2-SV support for security keys as passkey support, but when a website does support passkeys, you don’t need to enter a password to log in. In fact, you need to be able to delete your old password once you have a passkey, otherwise the password is still the weakest point of entry.

BestBuy sort of supports passkeys (Sign In with WebAuthn) but if you have 2SV enabled it still asks for that in addition to the passkey. You also can’t delete your password yet.

Many websites/apps may delay password deletion until they’re satisfied their passkey implementation is working perfectly.
 
  • Like
Reactions: marc.s and dk001
Most of these services don’t actually support passkeys yet. eBay does, but GitHub still sees it as a 2FA. It’s not great, but it’s a starting point. If only we were able to actually add one in PayPal…
 
  • Like
Reactions: eTip
Even eBay is limited as I think they use a cookie to tie the biometric log-in to the device you enable it on.

Try logging in on another device and eBay doesn’t even prompt for the biometric login. It’s not proper passkey support.
 
  • Like
Reactions: marc.s
One of the better kept “secret” new features of iOS 16 is the addition of passkeys: a new technology for unlocking apps on your phone. This technology, based on joint development throughout the industry, is designed to eventually supplant passwords as the means of unlocking apps (and hopefully someday devices).

Read more here: https://developer.apple.com/passkeys/

I encountered my first passkeys app (Kayak) yesterday sheet the release of iOS 16. Let’s list others here (I’ll make this a wiki)

Apps Supporting Passkeys

  • Kayak
 
Last edited:
All: This topic should be of sufficient interest that it should be in the main iOS 16 forum. Mods were nice enough to move it there. I'll add my contribution to the wiki post.
 
Several account/security middleware providers have working demos or production-ready services with passkey support.

hanko.io demo: passkeys.io

passage.id demo: passage.id/demo

ownid.com used by:
nescafe.com (possibly other Nestlé sites too)​

The OwnID accounts are a bit flawed in that if you delete your passkey or otherwise lose access to your account, they send a 4-digit code to your email, but once logged in you can’t add a new passkey.

Longer-term, I don’t know if allowing email recovery is considered best-practise because your email account might be poorly protected and the weakest point of entry.
 
Last edited:
Several account/security middleware providers have working demos or production-ready services with passkey support.

hanko.io demo: passkeys.io

passage.id demo: passage.id/demo

ownid.com used by:
nescafe.com (possibly other Nestlé sites too)​

The OwnID accounts are a bit flawed in that if you delete your passkey or otherwise lose access to your account, they send a 4-digit code to your email, but once logged in you can’t add a new passkey.

Longer-term, I don’t know if allowing email recovery is considered best-practise because your email account might be poorly protected and the weakest point of entry.
Are these solid enough to add to the wiki post at the top of this thread?
 
The CardPointers app is the first passkey-supported app I’ve seen in the wild that is not locked behind some 2FA barrier as a ”security key” like Google and Microsoft. I tried setting up a passkey in Microsoft Authenticator but it wouldn’t let me because it thinks I’m on a private browser. I tried on the website but the option doesn’t exist, so I left a one-star review on the App Store to get their $h!t fixed
 
  • Angry
Reactions: kitKAC
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.