Passkey Passwordless Authentication – Everything You Must Know

Windows 11 is getting a built in passkey manager for Windows Hello

Key Points

  • A passkey is a digital token created through device-specific authentication and replaces an app’s/website’s credentials.
  • A passkey is specific to every device, and hence, saved locally on your device.
  • A passkey is more secure than a password, biometric authentication, and multi-factor authentication.

Are you tired of entering lengthy usernames, email addresses, and passwords into individual applications and websites to sign into your account? Well, Microsoft, Google, and Apple have joined hands to provide you with a faster and safer solution.

Introducing passkeys. Passkeys are an alternative method to sign into various apps and websites, integrating with any device-based authentication. In the case of the Windows OS, this authentication could be a PIN, a password, a fingerprint, or facial recognition. In the case of an Android device, it could be either facial recognition, a fingerprint, a PIN, or a pattern.

Passkeys reduce the login time and save you the trouble of entering lengthy credentials. They also make the process much more secure, since they do not share your true password or device verification details with the end server.

At the moment, on Windows OS, the passkey feature is only available to Insiders running Windows 11, specifically Windows 11 Build 23486 (or above).

What are passkeys

Technically, a passkey is a key you need to get past something, like a door. In the digital world, this refers to the digital token you need to get past any screen that may require a password or any sort of credentials. Passkeys have been around for some time and were created in collaboration between Microsoft, Google, and Apple, but have only recently reached consumers.

A passkey is a token that is generated when you grant access to log into a website or app using your device authentication mechanism. For example, instead of using your website or app-specific password, you can use your Windows Hello PIN, facial recognition, or fingerprint (whichever device-based authentication mechanism you have set up) as a passkey, and log into the app or site.

Passkeys make logging in more secure because they are stored only on your local device. This removes the password, which is easier for hackers to compromise, from the process. The passkey on your device generates a special signature when you log into an app or website, proving that you are the owner of the passkey. Your biometric information or your password is not shared with anyone or any servers.

Not only does the process become more secure, it also becomes faster and more reliable.

How passkeys work

A passkey is created for an application or website that requires credentials for authentication, i.e. a username and password, or something similar. When you generate a passkey on a supported app/website, using a supported platform (discussed below) and your device-specific credentials, a digital token is saved locally on the device that you used to create the passkey.

This digital token is then shared with the particular app/website, which proves to it that you are in possession of the required credentials and that you are using a pre-authenticated device. But what if you are not logging into the app/website using a pre-authenticated device?

In that case, a QR code can be generated that you scan to connect one device with another and authenticate the assigned passkey.
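The signature-based login described above, modeled as an added example (not code from the original article or from any passkey vendor): the site keeps only a public key and checks a signature over a fresh challenge and the page origin, two of the fields WebAuthn places in its client data. The function names and the `shop.example` origins are assumptions, and the real protocol also signs authenticator data, which is left out here.

```javascript
// Simplified model of a passkey login (added illustration, not the WebAuthn API itself).
const crypto = require('node:crypto');

// Device: the key pair is generated locally; only publicKey is ever sent to the site.
function createPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device: sign the site's challenge together with the origin the browser is actually on.
function signAssertion(privateKey, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
}

// Site: holds the public key and the challenge it issued for this login attempt.
function verifyAssertion(publicKey, challenge, origin, assertion) {
  if (!crypto.verify('sha256', assertion.clientData, publicKey, assertion.signature)) {
    return 'bad-signature';
  }
  const data = JSON.parse(assertion.clientData.toString());
  if (data.type !== 'webauthn.get') return 'wrong-type';
  if (data.challenge !== challenge.toString('base64url')) return 'stale-challenge';
  if (data.origin !== origin) return 'wrong-origin';
  return 'ok';
}

function demo() {
  const site = 'https://shop.example';               // constructed sample origins
  const lookalikeSite = 'https://shop-login.example';
  const { publicKey, privateKey } = createPasskey(); // registration
  const c1 = crypto.randomBytes(32);                 // challenge for login 1
  const c2 = crypto.randomBytes(32);                 // challenge for login 2
  const first = signAssertion(privateKey, c1, site);
  const elsewhere = signAssertion(privateKey, c2, lookalikeSite);
  // Same signature, but the origin field rewritten after signing.
  const rewritten = {
    clientData: Buffer.from(elsewhere.clientData.toString().replace(lookalikeSite, site)),
    signature: elsewhere.signature,
  };
  return {
    genuine: verifyAssertion(publicKey, c1, site, first),       // accepted
    replayed: verifyAssertion(publicKey, c2, site, first),      // old response, new challenge
    lookalike: verifyAssertion(publicKey, c2, site, elsewhere), // signed on another origin
    forged: verifyAssertion(publicKey, c2, site, rewritten),    // edited after signing
  };
}

console.log(demo());
```

Nothing the site stores or receives in this exchange can be used to sign in later: the public key cannot produce signatures, and each response is tied to one challenge and one origin.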

Passkeys vs Autofill

After reading about passkeys, you may be wondering whether these are any better than autofill. If you recall, you’ll find that there is already a similar feature on certain devices like Android and Windows, where you enter your device-based authentication (like fingerprint or PIN), and the credentials are automatically inserted into the respective fields.

Note that this feature is autofill, and that it uses your app- or website-specific password, which makes it less secure than passkeys.

As mentioned above, passkeys generate a token to prove to the app/website that you have the credentials. However, they do not share the credentials, nor your device-specific authentication details.

Passkeys vs Passwords

By now, you will have understood that a passkey is very different from a password. A passkey is nothing tangible since it is a digital token – normally, you cannot see it, unlike a password. This makes passkeys not only more secure, but also faster and more efficient.

According to Google, the percentage of users successfully authenticating through the same device passkeys is four times higher than the success rate typically achieved with passwords: the average authentication success rate with passwords is 13.8%, while the local passkey success rate is 63.8%.

Passkey vs password. Source: Google

Moreover, a passkey is a passwordless approach, and the security it provides is far superior to that of a password credential. The following Microsoft illustration will explain it better:

Comparison of different authentication methods and their security level. Source: Microsoft

Passkey vs Multi-Factor Authentication (2FA/MFA)

The two-factor authentication process (2FA), also known as two-step verification or dual-factor authentication, requires users to verify their identity using at least two different methods. This usually involves a code shared via other mediums to confirm you are you.

In contrast, a passkey is nothing like it. A passkey is a single-use authentication mechanism that does not require additional confirmation. Since passkeys are based on public-key cryptographic protocols, they are more secure than MFA.

Additionally, obtaining authentication is much faster than the process of MFA, since it does not involve receiving additional SMS or emails and inputting lengthy codes.

How to create passkeys on Windows 11

To begin, you must first ensure that you are using Windows 11 Build 23486 or higher. To confirm this, press the Windows Key + R to open the Run Command box, and then enter “winver” to check the current OS build and other details.

Check Windows build and version

If your computer is not on the aforementioned build, install the Windows update (or join the Insider channel).

You must also have Windows Hello configured on the computer. Once both of these things are confirmed, proceed to use the following steps to create a passkey using a supported website:

  1. Open a passkey-supported website using Microsoft Edge or Google Chrome.

    In this example, we will be using the Google website.

    Note: Some websites that support passkeys are: Google, Best Buy, Cloudflare, eBay, Kayak, and PayPal.

  2. Look for the “Passkey sign-in” option and select it. It can be at different locations for each website.

  3. Click “Create a passkey.”

    Create a passkey
  4. Click Continue.

    Proceed to create a passkey
  5. Enter the Windows Hello credential/biometric requirement.

    Since we set up a Windows Hello PIN, it asked for the PIN combination.

    Enter the Windows Hello credentials
  6. Click Ok.

    Confirm passkey creation
  7. Click Done.

This concludes the method to create a passkey for any supported website or app. The passkey is saved locally on your Windows 11 computer, where you can also manage it.

Once created, you can use the Windows Hello sign-in method to log into the supported app or website.

Managing passkeys on Windows 11

Once you have created a passkey for an app or a website, it is saved locally on your Windows 11 computer. You can then delete it from the Windows Settings app if needed. However, you cannot edit or change an existing passkey.

If you want to change a passkey, you must delete the existing one from the Settings app and then create a new one by going to the website or app again.

To delete an existing passkey, use these steps:

  1. Press the Windows Key + I shortcut keys to open the Settings app.

  2. Navigate to the following:

    Accounts >> Passkeys
  3. Click on the 3 dots in front of the passkey that you want to delete and then click “Delete passkey.”

    Delete a passkey in Windows 11
  4. Click Delete for confirmation.

    Confirm passkey deletion
  5. Now enter the Windows Hello credentials.

    Enter the Windows Hello credentials

The saved passkey will now be removed from your computer.

How to create a passkey on a Google account

Similar to Windows, you can also create and manage passkeys for your Google account. Once you have created passkeys and allowed them to be used, you can use them to sign into your account without entering your password.

Here is how to create and manage passkeys on your Google account:

  1. Go to the Google Passkeys page.

  2. Sign into the account using your password.

  3. Click “Create a passkey.”

    Note: If you have an Android phone and are already logged in to your Google account, you will be registered for a passkey and one will already be created. Note that if a passkey has already been created using the same device, a new one will not be created.

    Create a passkey on your Google account
  4. Click Continue.

    Continue to create a passkey
  5. Now enter your device credentials/biometrics.

    Enter your device credentials/biometrics

The passkey will now be created.

From the same Google Passkeys page, you can click on the Edit button beside a passkey and edit its name, or click on the trash can icon to remove it.

Deleting a passkey

As mentioned in the methods above, you can edit or delete a passkey on Windows, on your Google account, and on all other supported devices. If you sell or lose one of your devices that has a passkey, all you need to do is remove the associated passkey for each website/app, and that device will no longer be able to authenticate.

Websites that support passkeys

Since the passkey concept is still relatively new for the consumer world, at the time of writing this post, only the following handful of websites support this feature:

  • Google accounts
  • PayPal
  • Shop by Shopify
  • Instacart
  • Robinhood
  • Adobe
  • Tailscale
  • GitHub
  • TikTok (iOS only)
  • Amazon
  • Microsoft 365
  • Apple accounts

Passkey compatible devices

Apart from the supported websites, you also need to have the right devices and software to be able to use passkeys. The table below lists the compatible passkey devices at the time of writing this post:

| Platform | Browsers | Apps |
| --- | --- | --- |
| iOS | Safari, Chrome, Brave, Edge, Firefox | iOS apps |
| macOS | Safari, Chrome, Brave, Edge, Firefox | Mac apps |
| Android | Samsung Internet, Chrome, Brave, Edge, Firefox | Android apps |
| Windows | Chrome, Brave, Edge, Firefox | Windows apps |
| Linux | Chrome, Firefox | |

Passkey-compatible devices and browsers

Ending thoughts

At the moment, the passkey method is only available in the Dev channel for the Insiders. However, if things go as planned, Microsoft will surely bring this feature to the stable Windows channel.

That said, the passkey feature will surely be a great hit amongst Windows users, as it will add another layer of security for the website login processes and be of great convenience. Let us know what you think of the feature in the comments below.


Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).
