Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
The first post of this thread is a WikiPost and can be edited by anyone with the appropiate permissions. Your edits will be public.
Good timing! Google just turned on passkeys for google accounts today.


Here’s the link to set it up: http://g.co/passkeys

Passkey is kinda working with Google. I set passkey on my Mac and that works fine. I then logged out of Google using Safari on my iPhone and back in and it only asks me for my password, no option to select passkey. Enter my password and then it asks if I want to setup passkey. I select continue and it says that I already setup a passkey. Rinse and repeat, no change.
 
Passkey is kinda working with Google. I set passkey on my Mac and that works fine. I then logged out of Google using Safari on my iPhone and back in and it only asks me for my password, no option to select passkey. Enter my password and then it asks if I want to setup passkey. I select continue and it says that I already setup a passkey. Rinse and repeat, no change.
Managed to resolve this, delete your Passkey from your Google account, then create the Passkey on your iPhone, then you can log in using your Passkey on both your Mac and iPhone just fine. Weird that it's not working properly when you create the Passkey on the Mac though.
 
Managed to resolve this, delete your Passkey from your Google account, then create the Passkey on your iPhone, then you can log in using your Passkey on both your Mac and iPhone just fine. Weird that it's not working properly when you create the Passkey on the Mac though.
Awesome! I followed your steps and now it works fine on both devices. Maybe a bug on the Mac side as I'm running 13.4b4.
 
The CardPointers app is the first passkey-supported app I’ve seen in the wild that is not locked behind some 2FA barrier as a ”security key” like Google and Microsoft. I tried setting up a passkey in Microsoft Authenticator but it wouldn’t let me because it thinks I’m on a private browser. I tried on the website but the option doesn’t exist, so I left a one-star review on the App Store to get their $h!t fixed
What an absolutely terrible thing to do. Reviews like that can really hurt an independent developer. How about reaching out to the developer when you encounter a problem? It took me two seconds of Googling to find the help/contact section on the Cardpointers website.
 
Google has started rolling out support for Passkeys in Workspace accounts. This brings on millions of work organizations and schools into Passkeys.

It's taken a while but with Google now active, and given how many sites have Google as their authentication provider, it'll bring Passkeys to a large part of the web.

I've added it to the Wiki. If you know of other sites or apps that have independently added Passkeys, please update the Wiki on the first post of this thread. In addition to Google, I've added Shopify.
 
  • Like
Reactions: michelmike
This is a pretty short list. Wonder if/when we’ll see more sites sign on…

 
  • Like
Reactions: michelmike
So far two major services/accounts I use have launched passkeys.


Google
Everything works as expected for months now apart for the initial sign-in email request. Safari only offers one of my two Google account emails in the autofill bar, I usually want the email not offered by default so either have to start typing the other address or tap the key for all accounts which requires an extra biometric authentication.

How it’s ideally supposed to work — iOS automatically pops up a windowed list of all the accounts you have for that domain. You select one and authenticate once.

Google correctly named my passkey “iCloud keychain” but you can manually rename this exactly how you like. I capitalised Keychain! No surprise but Google don’t offer password deletion yet.


PayPal
PayPal only enabled passkey creation on my account in the past week. My iPadOS 17 beta iPad wasn’t permitted to create a passkey on their website but using my iOS 16 iPhone worked just fine and I can passkey log in with the iPad fine afterwards.

PayPal only uses the passkey as a password replacement, two-factor authentication is still requested meaning you’re effectively performing three-factor authentication. Not really elegant or the intention for passkeys.

The passkey created is automatically named to match the creation device (“iOS, iPhone Safari”) and you can’t change this to something more suitable like iCloud Keychain. No password deletion yet.
 
  • Like
Reactions: michelmike
Passkeys can now be created for Nintendo accounts.

Quick impressions are it’s a couple more page navigations than necessary to actually get to the passkey login page from the Nintendo homepage, but once you sign in with a passkey, there’s no 2FA nonsense like PayPal.

You can’t rename created passkeys or delete your password to use a passkey exclusively yet.
 
  • Like
Reactions: michelmike
porkbun (porkbun.com) is another domain registrar that supports passkeys. I think they used to partner with Apple for custom email domains but now Apple only partners with cloudflare for that.
 
There is a small detail I don't understand:

Passkey is an additional login method. So you still can login with an bad choosen unsafe password.

So there is a big login comfort with passkeys, but there is no additional security. Or is it planned in the future that you can deactivate/remove the (old) Username/Password combination and use only passkeys?
 
There is a small detail I don't understand:

Passkey is an additional login method. So you still can login with an bad choosen unsafe password.

So there is a big login comfort with passkeys, but there is no additional security. Or is it planned in the future that you can deactivate/remove the (old) Username/Password combination and use only passkeys?
The plan is to replace passwords with passkeys.

Some devices still don’t support them, that’s why the password is available as an option when signing in, for now.
 
It is worth noting that 1Password has now rolled out PassKey support (they might have to change their name one day). Prior to macOS Sanoma, it would only work in Chrome-based browsers (don't know about Firefox), but now it works in Safari and also works on iOS 17 (I have not tried it in apps, but it does work in Safari and third-party browsers like Brave). I do like a third-party like 1Password because it is cross-platform. There are ways of using an Apple PassKey on Windows by scanning a QR code with your iPhone, but it is not as elegant. Maybe Apple will bring PassKey support to its Windows iCloud Password Manager app. Most sites also allow multiple PassKeys as well, so you can use Apple PassKeys on Apple devices and use Windows Hello on Windows. I believe other password managers like Bitwarden are rolling out PassKey support as well.

The issue at the moment is that a lot of websites still require a username and password and request the security key at the same point they would normally ask for a 2FA code. There are a few that allow you to skip the username and password step completely, like GitHub. My understanding is that eventually we will get rid of usernames and passwords completely, but for the moment they have them as backups. Microsoft accounts do offer passwordless, through Windows Hello, but on Safari you have to do it through the Microsoft Authenticator app. I don't think people should worry about losing their devices, PassKeys are stored in Keychain and synced to Apple servers. Same with Microsoft, Google, and 1Password.

A few other sites that seem to support PassKeys (passwordless (has a password but can skip)):
  • GitHub (passwordless)
  • Brave Community
  • Microsoft (passwordless - might require Microsoft Authenticator app)
  • Google (passwordless - need to click Try Another Way on the password screen)
  • eBay (passwordless)
  • Simplelogin
  • Nintendo (passwordless)
  • Nvidia (passwordless - select log in with security device)
  • Proton
  • OnlineScoutManager (passwordless)
  • Bitbucket (a bit strange - An Atlassian account only has 2FA and a Bitbucket account has PassKeys but you need an Atlassian account for Bitbucket)
  • GitLab
  • Roblox
Nintendo, GitHub, and eBay are probably the most seamless in my experience. 1Password and Apple accounts only seem to support hardware keys, which I guess makes sense, preventing people from storing their Apple ID private key in their iCloud Keychain is probably a good idea, although Microsoft and Google both support PassKeys, so who knows?
 
Last edited:
eBay biometric webauthn login is still single-device. Attempt login on a second device and eBay won’t even prompt for biometric sign-in using the key already created.
 
Amazon and its regional variants are rolling out passkey support but the implementation has the same 2SV flaw as PayPal. If you have Two-Step Verification enabled to reinforce password entry, it’s also requested when logging in by passkey.

Amazon has an additional issue with regional accounts (ex. .com and .co.uk share the same Amazon account) but passkeys can’t be shared between domains like this. You’ll need to create extra passkeys for any regional variants.
 
Last edited:
Just now logged into Apple Store with a passcode to get order status.
 
Amazon and its regional variants are rolling out passkey support but the implementation has the same 2SV flaw as PayPal. If you have Two-Step Verification enabled to reinforce password entry, it’s also requested when logging in by passkey.

Amazon has an additional issue with regional accounts (ex. .com and .co.uk share the same Amazon account) but passkeys can’t be shared between domains like this. You’ll need to create extra passkeys for any regional variants.
Amazon seems to have the best implementation so far. I was able to setup multiple passkeys, (one in 1password and one in my security key). This is great. 1password is seamless and easy, but if I don’t have access to 1password for whatever reason, I can always use my physical security key which I always have on me.
This is great and I hope the uptake starts to spread like wildfire, but also there are a lot of bad implementations out there by organizations that don’t seem to get the “point” of passkeys.
 
ssa.gov (social security) now accepts passkeys if you have previously set them up on login.gov.
 
eBay supports genuine multi-device passkeys now, you can create them at:

My eBay > Sign-in and security > Passkeys

This is separate from the pre-existing Face/fingerprint/PIN sign in that eBay still offers but is limited to the one device you activate it on, until you wipe cookies/web browser data.

eBay have also added Authenticator app support for 2-step verification. Unfortunately, their passkey implementation requires 2-step verification if you have it enabled and as you can’t delete your password yet it’s probably best to keep 2-step on.


Uber have made passkey support widely available and I think PayPal’s login experience with passkeys improved, now when you navigate to the Log in page, a passkey is automatically requested. 2SV is still requested though.
 
eBay supports genuine multi-device passkeys now, you can create them at:

My eBay > Sign-in and security > Passkeys

This is separate from the pre-existing Face/fingerprint/PIN sign in that eBay still offers but is limited to the one device you activate it on, until you wipe cookies/web browser data.

eBay have also added Authenticator app support for 2-step verification. Unfortunately, their passkey implementation requires 2-step verification if you have it enabled and as you can’t delete your password yet it’s probably best to keep 2-step on.


Uber have made passkey support widely available and I think PayPal’s login experience with passkeys improved, now when you navigate to the Log in page, a passkey is automatically requested. 2SV is still requested though.
That's old news. eBay has supported passkeys for a long time now
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.