Should You Use Passkeys Instead of Passwords?

Currently, passkeys are available only on select websites, apps, and services. Keeping track of where you can use them can be challenging, too. For example, if you use a passkey to log in to an app on your phone, you’ll still need a password on your laptop if you want to use a browser that doesn’t yet work with passkeys.

Getting passkeys set up on your various devices can be tricky because things don’t always sync seamlessly. For example, you can share passkeys across Apple devices using iCloud Keychain, and thanks to recent developments, you can now create and share them across Android, Chrome OS, macOS, Linux, and Windows devices using Google Password Manager. But there is not yet a seamless and easy way to share passkeys across iPhone and Android devices or natively across Windows devices. 

For these reasons, until we see further maturation, we suggest only going all-in on passkeys if most of your primary devices are part of the same ecosystem — if you’re firmly in the Apple camp with an iPhone, MacBook, and an iPad, for example. You may run into more hiccups and incompatibilities if you’re an Android smartphone user with a Windows PC and an iPad. 

The technology has other quirks, too. You can use passkeys with Apple’s Safari browser, but if you are on a MacBook, you may have to use the Chrome browser to set up a Google passkey. (Check this table to see if you can use passkeys on your preferred operating systems, browsers, and devices.) 

The rollout of passkeys, and even U2F [Universal 2nd Factor] before it, has been clunky and slow,” said Bret Jordan, vice chair of the board of directors at OASIS. “In fact, the technology is actually moving faster than organizations can adopt, causing fragmentation and uncertainty. The single biggest problem with passkeys is the lack of a good user experience when trying to migrate or add passkeys to other devices.”

The user experience around passkeys “can definitely be improved based on availability of the services and lack of consistency around how exactly you get the keys on your devices,” says Martin Shelton, principal researcher at Freedom of the Press Foundation. “That said, I also believe it’s really exciting technology because it could—pending availability—make it a lot easier for people to stop typing their password on malicious websites.”