Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
The first post of this thread is a WikiPost and can be edited by anyone with the appropiate permissions. Your edits will be public.

Shin-Ra

macrumors regular
Jan 3, 2008
157
208
Are these solid enough to add to the wiki post at the top of this thread?
I don’t know how useful/popular some of these sites are (I’d never heard of carnival) but until there’s a few dozen major sites with support, they could all be listed.

The CardPointers app is the first passkey-supported app I’ve seen in the wild that is not locked behind some 2FA barrier as a ”security key” like Google and Microsoft. I tried setting up a passkey in Microsoft Authenticator but it wouldn’t let me because it thinks I’m on a private browser. I tried on the website but the option doesn’t exist, so I left a one-star review on the App Store to get their $h!t fixed
Nice, that’s another one. Their website doesn’t support passkeys yet but the app does for sure. You can create multiple passkeys but can’t delete your password or surplus passkeys.

The Kayak app as well as their website supports passkeys. The app has the benefit of not needing to type your email, it automatically prompts to use an existing passkey.
 

neiltc13

macrumors 68040
May 27, 2006
3,128
28
Even eBay is limited as I think they use a cookie to tie the biometric log-in to the device you enable it on.

Try logging in on another device and eBay doesn’t even prompt for the biometric login. It’s not proper passkey support.
I've been trying this today and it's definitely not designed with Passkeys in mind.

I set up a Passkey on my iPhone and it was working fine to log in to the eBay site.

However, I then switched to my Mac, and as you said it didn't allow me to use the Passkey to log in.

Worst of all - it then prompted me to set up 'fingerprint log in' with Safari on Mac - when I did this (which was not creating a Passkey but Safari presented a very similar interface) the Passkey that was in my iCloud Keychain was deleted. There was no warning this would happen and i seems like a big flaw in Apple's implementation. I can't see the previously created Passkey on my iPhone or Mac any more. :eek:

It could be that this is because I've not updated to macOS Ventura, but I thought with the recent Safari 16 update I wouldn't need to.
 
  • Wow
Reactions: dk001

gwhizkids

macrumors G5
Jun 21, 2013
13,252
21,399
I've been trying this today and it's definitely not designed with Passkeys in mind.

I set up a Passkey on my iPhone and it was working fine to log in to the eBay site.

However, I then switched to my Mac, and as you said it didn't allow me to use the Passkey to log in.

Worst of all - it then prompted me to set up 'fingerprint log in' with Safari on Mac - when I did this (which was not creating a Passkey but Safari presented a very similar interface) the Passkey that was in my iCloud Keychain was deleted. There was no warning this would happen and i seems like a big flaw in Apple's implementation. I can't see the previously created Passkey on my iPhone or Mac any more. :eek:

It could be that this is because I've not updated to macOS Ventura, but I thought with the recent Safari 16 update I wouldn't need to.

I suspect that passkeys are a system-level as opposed to a Safari-based setting. So I doubt it is available for any Mac not yet on Ventura.
 

Kmart9419

macrumors 6502
May 4, 2011
292
335
Carnival.com seems to support passphrase. I clicked on webauthn and it asked me if I wanted to use a passkey. I said yes then it responded that I didn't have an account. So I created an account then added a passkey. Everything works. However, I ended up with two passkeys in keychain. So not knowing which one to delete, I just selected one then tried to login at carnival. Oops, deleted the wrong passkey. I deleted both of them and tried to add a new passkey.

Adding a new passkey didn't seem possible. When I click on webauthn, I get the screen to scan or use external security. In fact, after failing that, carnival sends me a 4 digit sms that logs me in. That is absolutely horrible. Login via sms should outright be banned for how unsecure it is.

I played around with the options but I couldn't get a new passkey added. So I'm basically out of luck with passkey.
 
  • Sad
Reactions: dk001

Shin-Ra

macrumors regular
Jan 3, 2008
157
208
Carnival.com seems to support passphrase. I clicked on webauthn and it asked me if I wanted to use a passkey. I said yes then it responded that I didn't have an account. So I created an account then added a passkey. Everything works. However, I ended up with two passkeys in keychain. So not knowing which one to delete, I just selected one then tried to login at carnival. Oops, deleted the wrong passkey. I deleted both of them and tried to add a new passkey.

Adding a new passkey didn't seem possible. When I click on webauthn, I get the screen to scan or use external security. In fact, after failing that, carnival sends me a 4 digit sms that logs me in. That is absolutely horrible. Login via sms should outright be banned for how unsecure it is.

I played around with the options but I couldn't get a new passkey added. So I'm basically out of luck with passkey.
Yup, flawed implementation atm. See post: https://forums.macrumors.com/threads/passkeys-supported-sites-and-apps.2353325/post-31463844

At least once OwnID improve things on their end, all the dependant sites (with passkey enabled) benefit together.

daimani.com’s another site using OwnID login.
 

Kmart9419

macrumors 6502
May 4, 2011
292
335
The whole passkey experience has been bad. Apple themselves don’t use the feature. I don’t think there is one single site that has passkey setup properly yet.

eBay in private mode only asks for login and password. Nvidia you have to scroll all the way to the bottom. PayPal for some reason added a couple of passkeys and I deleted. Now I can’t add passkeys at all.

*correction on carnival, they send a 4 digit login code via email and not text which could easily be as bad as using text.* eBay I think uses texts after passkey failure. So we go from extremely secured with passkey to extremely unsecured with texts and email. I’m just shaking my head with this.

Passkey is in beta. Apple should say so.
 
  • Like
Reactions: michelmike

Shin-Ra

macrumors regular
Jan 3, 2008
157
208
A few updates on passkey supporting sites/apps:

webauthn.io‘s been updated to be more passkey and autofill-friendly but there’s compatibility issues with Safari. I find cancelling the first iOS prompt to create a passkey but going through with a second attempt creates a passkey that can be successfully authenticated.

authgear.com I found this a couple of weeks ago but couldn’t remember the url. At least one site (formx.ai) is using their service with passkeys enabled.

(App) robinhood.com claims their app now supports passkeys. The app’s unavailable in my region so I can’t confirm.
 

IvanW

macrumors newbie
Nov 18, 2018
14
10
I don’t see apple sites supporting passkeys.
Exactly, with Google and Microsoft both accepting security key as login method to their respective services (Microsoft even promoting passwordless login) Apple not following suit is a glaring absence in the whole Passkey narrative.
 
  • Like
Reactions: TimFL1 and dk001

alexclst

macrumors member
Dec 24, 2007
66
41
Saint Paul, MN
Is anyone actually able to create a Passkey in PayPal yet? The app doesn't allow me to, and the website is so buggy (which is not surprising, it being PayPal) it dismisses the passkey prompt before I'm able to accept it.

I am seeing the same issue. Annoying, but also not too surprising I guess.
 

Shin-Ra

macrumors regular
Jan 3, 2008
157
208

Shifts

macrumors regular
Oct 3, 2019
191
172
Just tried logging into PayPal in Safari (iOS) and app. Nothing. I even had to do a captcha dance to login. No prompt. Nothing under account or security. 🤷‍♂️
 
  • Like
Reactions: marc.s

marc.s

macrumors newbie
May 5, 2021
4
1
Paypal announced support yesterday for the website on ”devices running iOS 16, iPadOS 16.1, or macOS Ventura” but I don’t see the option yet.
 

maryland

Suspended
Aug 24, 2022
38
112
PayPal? Ah yes, the same company that finally launched support for physical FIDO2 security keys a couple of months ago but then:

1) limited it to adding only one key and
2) making the key not work in mobile Safari, although requesting the desktop site magically makes it work
 
  • Like
Reactions: marc.s

samwa3

macrumors regular
Dec 5, 2018
170
133
After upgrading to Safari 16.1, even on my old MacBook Pro that does not support macOS Ventura, I was able to login using a Passkey on a website. Very nice.
 
  • Like
Reactions: Fordski

bushman4

macrumors 601
Mar 22, 2011
4,139
3,893
Going to take awhile for developers to add passcode as they’re not putting out an update just for that
 

samwa3

macrumors regular
Dec 5, 2018
170
133
Exactly, with Google and Microsoft both accepting security key as login method to their respective services (Microsoft even promoting passwordless login) Apple not following suit is a glaring absence in the whole Passkey narrative.
Even though passkeys are by no means an Apple-only thing and hopefully should get better support on all kinds of systems by the minute, with Apple they expect you (currently) to store your passkeys in their passkey manager, i.e. your iCloud keychain.

If Apple would transition to using passkeys for login only, that'd mean there's some kind of bootstrap issue. Where is that passkey stored that you're using for logging into your Apple ID? In your keychain that you can only access through your... Apple ID?

And if you're just suggesting to have passkeys as another optional 2FA mechanism, then alright that would of course always work. But also not really bring any advantages in terms of convenience or security. The current 2FA implementation through other devices is robust. Whether you type in a 6 digit code or scan a QR code... hard to say which is really more convenient for everyone. Requiring the Bluetooth beacon / proximity check like with passkeys might be a good idea to make it even more secure, but as it's just an additional factor I don't see it making a big difference.

So therefore I would say no, the narrative works fine. Passkeys are plenty interesting and there are many reasons for Apple to get behind them, even if they don't use them themselves with their Apple ID accounts.
 

ipedro

macrumors 603
Original poster
Nov 30, 2004
6,325
8,828
Toronto, ON
Going to take awhile for developers to add passcode as they’re not putting out an update just for that

The foundation Apple set with Sign in with Apple will make it easier for web developers who also have apps to make the move. Other sites that are starting from the ground up may take longer but there's a real incentive to get on with it. Passkeys isn't just a convenience to users, it's a huge weight lifted off website owners' shoulders who currently have to manage security and are constantly on edge with the possibility of losing email/password lists to hackers and the PR nightmare that would cause.
 

lancastor

macrumors 6502a
Jun 25, 2011
848
346
You can use Passkeys on all sites which supports Yubikey.

Passkey support in iOS acts like you connected a Yubikey via NFC/Lighnting/USB.
 

rhpt

macrumors member
Dec 25, 2007
31
10
Chapterhouse
How does one setup Passkey for eBay? I have never gotten a prompt or anyway to setup Passkeys on the website or app
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.