You saw a friend’s account hacked and realized that using passwords is no longer a safe choice, so you decided to find a more secure authentication method. At the same time, you found that two-factor authentication is extremely complicated to use, a real waste of time, so a quick solution would be ideal. Well, I have the perfect solution for you: the passkey.
Perhaps you have heard this blessed word many times but never understood what it means. Now you’re here to discover it. In this article, I will enlighten you and help you understand in the simplest way what a passkey is, what it is for, and most importantly, how to create a passkey to protect your accounts.
If you feel ready to make your sensitive data and important accounts hack-proof, get comfortable and prepare to find out how to transform your digital world into a fortress that is as impregnable as possible. After reading this guide, your wish will be to say goodbye to all the passwords you have ever created!
Preliminary Information
Before using a passkey, it’s important to know exactly what it is and how it works. A passkey is a type of alternative authentication to passwords characterized by technology resistant to phishing. The passkey allows you to log in to all accounts that support it using authentication methods present on the user’s device such as a fingerprint, facial recognition, or screen lock.
The passkey consists of two parts: a public access key stored on the server of the site or app of the account being accessed and a private key corresponding to it that resides on the user’s device. When logging in, the service to which you are accessing checks if the two access keys match, and to perform this verification, the user is required to unlock using the authentication method set on their device, which can be a fingerprint, facial recognition, or screen lock sequence.
Once this verification is successful, the user is granted access to their account, while the private access key along with any associated biometric data remains on the user’s device and is never shared. This solution offers three main advantages.
- Convenience — Using a passkey is much simpler and quicker than a password because you don’t have to remember the password, only the unlocking method of your device.
- Security — Since private keys are stored on devices, passkeys are resistant to phishing and similar cyber attacks because they cannot be guessed or reused.
- Privacy — The user’s biometric data and other related data to the unlocking method of the device are never shared with anyone.
The passkey is generally considered even more secure than the classic two-factor authentication, despite being more complicated, because two-factor verification is not entirely immune to attacks like phishing and, in the case of SMS verification, to SIM swapping. The first company to promote passkeys was Apple in 2022, but now many others support them.
Now that you know exactly what it’s about, let’s see together how to set up a passkey! Keep in mind that in any case, to create a passkey, you must have an unlocking method set up on your device such as fingerprint, facial recognition, or unlock code.
How to Create a Passkey on Android
If you are using an Android device, to utilize a passkey you must have Android 9 or later and must have a Google account set up on your smartphone. Google asks everyone to set up a Google account during the initial setup of the smartphone, so you should have one registered.
If you don’t know whether you have one or not, just open the Play Store on your phone to find out: if you are prompted to log in or create an account, then you don’t have one and can create it directly on the screen that appears. Alternatively, you can link the account from the Google (or Account) section in Settings.
At this point, you must have an unlocking method set up on your smartphone, such as a fingerprint, facial recognition, or screen lock code. If you do not have one, you can set it up by going to Settings, under the Security tab, and then tapping on Device Lock.
Among the various options available, you can find Screen Lock which allows unlocking with a numeric, alphanumeric, or graphic sequence, or Face and Fingerprint Unlock to set up unlocking via fingerprint or facial recognition.
The user interface of Android smartphones varies by manufacturer, so the path for setting up the unlocking method may vary by device, but in any case, you can access it from the settings. For more information, refer to the guides on how to set a PIN on the phone and on how to set a fingerprint on Android.
To create a passkey on your Android after ensuring you have a set up unlocking method, visit this link, tap on Create a passkey and then again on Create a passkey. Now use the unlocking method set on your smartphone to authenticate and you’re done: you have a passkey on your account!
You can use the passkey from your smartphone on any other website or app that supports it. To do this, just go to the settings or the account management screen of the service in question and set up the passkey through the designated option.
Alternatively, you can also use a third-party password manager that supports passkeys, such as NordPass or 1Password.
How to Create a Passkey on iPhone
Soon Apple devices, just like Android, you can set a passkey if you have an Apple account configured on the device. Don’t know if you have an account set up? To find out, just go to the App Store: you can see your account by tapping on the profile icon at the top right; otherwise, you can log in through your Apple ID. Note that passkeys for Apple accounts are available only on iOS 17 and later.
If you want to synchronize passkeys across multiple devices, you must also have enabled iCloud Keychain. To do this, go to Settings, tap on your name (or the name of your account), and then on iCloud. Press Show All next to Saved on iCloud, tap on Password and Keychain, and activate the switch next to Sync this iPhone.
It’s not over yet: you also need to have two-factor authentication activated. To check if it’s active, go to Settings, tap on your name, and then on Access and Security, then tap on Enable two-factor authentication and then on Continue. Enter your phone number, tap on Next, and enter the code you receive via SMS to activate two-factor authentication.
Once you have completed these checks, ensure you have a configured unlocking method on your iPhone, such as the unlock code, Touch ID, or Face ID. If you want to set one, go to iOS Settings and tap on Face ID and Code (you will find Touch ID instead of Touch ID in case you have an iPhone with Touch ID). From here, you can set your authentication method. For more information, follow my guide on how to set up Face ID and the one on how to set a PIN on your phone.
If you have an unlocking method set up, you can use a passkey to access any account, site, or app that supports passkeys from your iPhone (including access to your Apple ID). You just need to activate the passkey option from the settings or account management screen in the desired service, of course after logging in with your username and password. As soon as the option to save a passkey for the account opens, tap on Continue. If you don’t see that option, you can do nothing because the site or app in question does not support it.
Once you have set the option, you can open the website or app you want to access and tap the username (or email) field on the login screen. At the bottom of the display or near the top of the keyboard, select the account name or the suggested email address (if it does not appear or is not the right one, enter it), then tap Use passkey if the corresponding button appears and use the unlocking method of your iPhone to log in (Touch ID, Face ID, or code), which is automatically proposed instead of the password.
Alternatively, you can also use a third-party password manager that supports passkeys, such as NordPass or 1Password.
How to Create a Google Passkey
Do you want to access your Google account by creating a passkey and forget your long and useless password once and for all? What you need to do is go to this page on any device and click Use passkeys.
Confirm access to your account by clicking Continue or entering your credentials, then click on Use passkey if you already have an unlocking method set that you want to use, then authenticate. If you want to create an entirely new passkey, you can click Create a passkey twice, then authenticate as soon as you’re prompted. From now on, you can access your Google account always using a passkey, and you can follow this procedure from any device that supports passkeys. Simple and effective.
How to Create a Microsoft Passkey
The passkey can also be used to access your Microsoft account. To use it, log in to your Microsoft account from this link, click on Security and then on Add a new sign-in or verification method. Now select Face, fingerprint, PIN, or security key, then select the passkey corresponding to your device from the list that appears and use the selected unlocking method to confirm.
Creating an Amazon Passkey
An Amazon account often contains sensitive data because Amazon is the most used site for purchases and payment cards are often registered in the Amazon account. That’s why it is important to protect your Amazon account with a passkey. If you want to use it on Amazon (you must have an unlocking method on your device), visit this link that will take you to the My Account section, and log in to your Amazon account if you haven’t already done so.
Click on Access and Security Settings and on the page that opens, next to Passkey, click on Edit. Now press on Configure and authenticate with the unlocking code of your device or another established authentication method. You’re done, you now have a passkey on Amazon too.
Creating a PayPal Passkey
To secure your money using a passkey on PayPal as well, log in to your account by clicking on Log In on the official PayPal website and then click the gear icon at the top right. Click on Security and then on Passkey, then press Create a passkey. Authenticate with the unlocking method set up on your device to complete the procedure. The same page can also be used to remove the passkey.
Creating a WhatsApp Passkey
Finally, let’s see together how to set a passkey to protect WhatsApp from prying eyes and the data within. Open WhatsApp on your smartphone and tap the three dots icon at the top right, then tap Settings.
Press on Account and then on Passkey, then click on Create Passkey and authenticate using the unlocking method present on your device. From the same screen, you can remove your passkey by tapping Delete.