Passkeys supported sites and apps

[Shin-Ra]

Are these solid enough to add to the wiki post at the top of this thread?

I don’t know how useful/popular some of these sites are (I’d never heard of carnival) but until there’s a few dozen major sites with support, they could all be listed.

The CardPointers app is the first passkey-supported app I’ve seen in the wild that is not locked behind some 2FA barrier as a ”security key” like Google and Microsoft. I tried setting up a passkey in Microsoft Authenticator but it wouldn’t let me because it thinks I’m on a private browser. I tried on the website but the option doesn’t exist, so I left a one-star review on the App Store to get their $h!t fixed

Nice, that’s another one. Their website doesn’t support passkeys yet but the app does for sure. You can create multiple passkeys but can’t delete your password or surplus passkeys.

The Kayak app as well as their website supports passkeys. The app has the benefit of not needing to type your email, it automatically prompts to use an existing passkey.

 

[neiltc13]

Even eBay is limited as I think they use a cookie to tie the biometric log-in to the device you enable it on.

Try logging in on another device and eBay doesn’t even prompt for the biometric login. It’s not proper passkey support.

I've been trying this today and it's definitely not designed with Passkeys in mind.

I set up a Passkey on my iPhone and it was working fine to log in to the eBay site.

However, I then switched to my Mac, and as you said it didn't allow me to use the Passkey to log in.

Worst of all - it then prompted me to set up 'fingerprint log in' with Safari on Mac - when I did this (which was not creating a Passkey but Safari presented a very similar interface) the Passkey that was in my iCloud Keychain was deleted. There was no warning this would happen and i seems like a big flaw in Apple's implementation. I can't see the previously created Passkey on my iPhone or Mac any more.

It could be that this is because I've not updated to macOS Ventura, but I thought with the recent Safari 16 update I wouldn't need to.

 

[gwhizkids]

I've been trying this today and it's definitely not designed with Passkeys in mind.

I set up a Passkey on my iPhone and it was working fine to log in to the eBay site.

However, I then switched to my Mac, and as you said it didn't allow me to use the Passkey to log in.

Worst of all - it then prompted me to set up 'fingerprint log in' with Safari on Mac - when I did this (which was not creating a Passkey but Safari presented a very similar interface) the Passkey that was in my iCloud Keychain was deleted. There was no warning this would happen and i seems like a big flaw in Apple's implementation. I can't see the previously created Passkey on my iPhone or Mac any more.

It could be that this is because I've not updated to macOS Ventura, but I thought with the recent Safari 16 update I wouldn't need to.

I suspect that passkeys are a system-level as opposed to a Safari-based setting. So I doubt it is available for any Mac not yet on Ventura.

 

[maryland]

Passkeys will come to Big Sur and Monterey with Safari 16.1, currently in beta:

https://twitter.com/i/web/status/1570158270266109955

 

[Kmart9419]

Carnival.com seems to support passphrase. I clicked on webauthn and it asked me if I wanted to use a passkey. I said yes then it responded that I didn't have an account. So I created an account then added a passkey. Everything works. However, I ended up with two passkeys in keychain. So not knowing which one to delete, I just selected one then tried to login at carnival. Oops, deleted the wrong passkey. I deleted both of them and tried to add a new passkey.

Adding a new passkey didn't seem possible. When I click on webauthn, I get the screen to scan or use external security. In fact, after failing that, carnival sends me a 4 digit sms that logs me in. That is absolutely horrible. Login via sms should outright be banned for how unsecure it is.

I played around with the options but I couldn't get a new passkey added. So I'm basically out of luck with passkey.

 

[Shin-Ra]

Carnival.com seems to support passphrase. I clicked on webauthn and it asked me if I wanted to use a passkey. I said yes then it responded that I didn't have an account. So I created an account then added a passkey. Everything works. However, I ended up with two passkeys in keychain. So not knowing which one to delete, I just selected one then tried to login at carnival. Oops, deleted the wrong passkey. I deleted both of them and tried to add a new passkey.

Adding a new passkey didn't seem possible. When I click on webauthn, I get the screen to scan or use external security. In fact, after failing that, carnival sends me a 4 digit sms that logs me in. That is absolutely horrible. Login via sms should outright be banned for how unsecure it is.

I played around with the options but I couldn't get a new passkey added. So I'm basically out of luck with passkey.

Yup, flawed implementation atm. See post: https://forums.macrumors.com/threads/passkeys-supported-sites-and-apps.2353325/post-31463844

At least once OwnID improve things on their end, all the dependant sites (with passkey enabled) benefit together.

daimani.com’s another site using OwnID login.

 

[Kmart9419]

The whole passkey experience has been bad. Apple themselves don’t use the feature. I don’t think there is one single site that has passkey setup properly yet.

eBay in private mode only asks for login and password. Nvidia you have to scroll all the way to the bottom. PayPal for some reason added a couple of passkeys and I deleted. Now I can’t add passkeys at all.

*correction on carnival, they send a 4 digit login code via email and not text which could easily be as bad as using text.* eBay I think uses texts after passkey failure. So we go from extremely secured with passkey to extremely unsecured with texts and email. I’m just shaking my head with this.

Passkey is in beta. Apple should say so.

 

[Shin-Ra]

A few updates on passkey supporting sites/apps:

webauthn.io‘s been updated to be more passkey and autofill-friendly but there’s compatibility issues with Safari. I find cancelling the first iOS prompt to create a passkey but going through with a second attempt creates a passkey that can be successfully authenticated.

authgear.com I found this a couple of weeks ago but couldn’t remember the url. At least one site (formx.ai) is using their service with passkeys enabled.

(App) robinhood.com claims their app now supports passkeys. The app’s unavailable in my region so I can’t confirm.

 

[IvanW]

I don’t see apple sites supporting passkeys.

Exactly, with Google and Microsoft both accepting security key as login method to their respective services (Microsoft even promoting passwordless login) Apple not following suit is a glaring absence in the whole Passkey narrative.

 

[alexclst]

Is anyone actually able to create a Passkey in PayPal yet? The app doesn't allow me to, and the website is so buggy (which is not surprising, it being PayPal) it dismisses the passkey prompt before I'm able to accept it.

I am seeing the same issue. Annoying, but also not too surprising I guess.

 

[Shin-Ra]

Hanko, the company behind the passkeys.io demo have an even more modern, streamlined sign-in experience with passkey support in this w.i.p. demo: https://example.stg.hanko.io/


ithemes.com launched a plug-in to add passkey log-ins to WordPress built websites.

(App) robinhood.com claims their app now supports passkeys. The app’s unavailable in my region so I can’t confirm.

This website now supports passkey sign-in like their app.

 

[alexclst]

I am seeing the same issue. Annoying, but also not too surprising I guess.

So I read, and have now confirmed, that we can set up a "Passkey" for Paypal in Chrome using our phones, and then it will work in Safari on Macs as well.

 

[Shifts]

Just tried logging into PayPal in Safari (iOS) and app. Nothing. I even had to do a captcha dance to login. No prompt. Nothing under account or security. 🤷‍♂️

 

[marc.s]

Paypal announced support yesterday for the website on ”devices running iOS 16, iPadOS 16.1, or macOS Ventura” but I don’t see the option yet.

 

[maryland]

PayPal? Ah yes, the same company that finally launched support for physical FIDO2 security keys a couple of months ago but then:

1) limited it to adding only one key and
2) making the key not work in mobile Safari, although requesting the desktop site magically makes it work

 

[samwa3]

After upgrading to Safari 16.1, even on my old MacBook Pro that does not support macOS Ventura, I was able to login using a Passkey on a website. Very nice.

 

[ipedro]

Will MacRumors support passkeys @arn?

 

[bushman4]

Going to take awhile for developers to add passcode as they’re not putting out an update just for that

 

[samwa3]

Exactly, with Google and Microsoft both accepting security key as login method to their respective services (Microsoft even promoting passwordless login) Apple not following suit is a glaring absence in the whole Passkey narrative.

Even though passkeys are by no means an Apple-only thing and hopefully should get better support on all kinds of systems by the minute, with Apple they expect you (currently) to store your passkeys in their passkey manager, i.e. your iCloud keychain.

If Apple would transition to using passkeys for login only, that'd mean there's some kind of bootstrap issue. Where is that passkey stored that you're using for logging into your Apple ID? In your keychain that you can only access through your... Apple ID?

And if you're just suggesting to have passkeys as another optional 2FA mechanism, then alright that would of course always work. But also not really bring any advantages in terms of convenience or security. The current 2FA implementation through other devices is robust. Whether you type in a 6 digit code or scan a QR code... hard to say which is really more convenient for everyone. Requiring the Bluetooth beacon / proximity check like with passkeys might be a good idea to make it even more secure, but as it's just an additional factor I don't see it making a big difference.

So therefore I would say no, the narrative works fine. Passkeys are plenty interesting and there are many reasons for Apple to get behind them, even if they don't use them themselves with their Apple ID accounts.

 

[Kmart9419]

Just tried logging into PayPal in Safari (iOS) and app. Nothing. I even had to do a captcha dance to login. No prompt. Nothing under account or security. 🤷‍♂️

Same here.

 

[ipedro]

Going to take awhile for developers to add passcode as they’re not putting out an update just for that

The foundation Apple set with Sign in with Apple will make it easier for web developers who also have apps to make the move. Other sites that are starting from the ground up may take longer but there's a real incentive to get on with it. Passkeys isn't just a convenience to users, it's a huge weight lifted off website owners' shoulders who currently have to manage security and are constantly on edge with the possibility of losing email/password lists to hackers and the PR nightmare that would cause.

 

[MegaBlue]

Best Buy has supported passkeys for a while. They've actually supported the technology behind passkeys before Apple even added it to iOS.

 

[lancastor]

You can use Passkeys on all sites which supports Yubikey.

Passkey support in iOS acts like you connected a Yubikey via NFC/Lighnting/USB.

 

[Apple_Robert]

You can use Passkeys on all sites which supports Yubikey.

Passkey support in iOS acts like you connected a Yubikey via NFC/Lighnting/USB.

I wouldn't think the number of sites that support Yubikey would be very many.

 

[rhpt]

How does one setup Passkey for eBay? I have never gotten a prompt or anyway to setup Passkeys on the website or app