Passkeys

Passkey Requirements

iOS or MacOS devices

Enable iCloud Keychain: To utilize passkeys with Safari on Apple devices, enabling iCloud Keychain is necessary. This allows for password synchronization and sharing across devices. To activate, go to your device's settings, choose your Apple ID, select iCloud, and turn on iCloud Keychain. Remember, iCloud Keychain activation requires MFA protection for your iCloud account.

iOS 16 or macOS Ventura Needed: Passkeys require iOS 16 or later, or macOS Ventura or later, due to their advanced security features essential for passkeys. Ensure your device is updated to these versions to use passkeys effectively.

Windows devices

On Windows 10 and newer devices, it's required to configure Windows Hello for passkey use.

Windows Hello allows device and application authentication through biometrics, such as fingerprints, facial recognition, or a PIN.

To enable Windows Hello, navigate to Settings, select Accounts, choose Sign-in options, and follow the setup instructions or follow this guide

Android devices

Android Version 9+ Required:

Passkey functionality needs Android 9 or later due to enhanced security features in these versions, such as biometric integration and secure hardware storage.

Update Google Play Services:

Keep Google Play Services current to ensure optimal security and authentication management on Android devices.

Web Browser Updates:

For all devices, update your web browser to the latest version. Browsers like Safari, Chrome, and Edge frequently update to enhance security, including passkey support.

Errors

"To save a passkey, you need to enable iCloud Keychain in the Apple ID panel of System Settings"

Reason: This error is due to the iCloud Keychain being disabled, which is necessary for storing passkeys on Apple devices.

Fix: Activate iCloud Keychain via the Apple ID section in System Settings to sync passkeys effectively across devices.

"There are no matching passkeys" / "There are no matching passkeys saved in your iCloud Keychain"

Reason: This issue often arises if a passkey isn’t in the iCloud Keychain or isn’t synced across devices.

Fix: Verify that iCloud Keychain is active and synced on all devices. Confirm the passkey for the service is saved in iCloud Keychain.

"No passkeys available. There aren't any passkeys on this device."

Reason: The device lacks a passkey and cross-platform authentication isn't supported by the WebAuthn server.

Fix: Check for a passkey on your device. If removed (e.g., from iCloud Keychain or Google Password Manager), also delete it from the server-side account settings to prevent repeated prompts.

"Passkey already exists" or similar message

Reason: This error occurs if you try to register a new passkey on a device that already has one for the same account. Some platforms limit each account to one passkey per device or ecosystem, like iCloud Keychain or 1Password. This restriction is typically set on the WebAuthn server under the excludeCredentials property.

Fix: Verify if a passkey already exists on your device and use it, or attempt to register a new passkey from another device. You can also remove the existing passkey through the account settings of the relying party and then try to create a new one.

QR code appears

Reason: A passkey is linked to a specific account and platform, like a device or a cloud service such as iCloud keychain. If a QR code appears during login, it indicates you don't have a passkey set up on this device or platform, although you might have one on another device. Additionally, the server might restrict which passkeys are permitted.

Fix: If your other device has a camera, you can scan the QR code to log in using the existing passkey. If available, consider using another authentication method. Once logged in, create a new passkey for the current device through the account settings.

"Insert your security key into the USB port"

Reason: This error often occurs when a hardware security key like YubiKey is needed for login. This might be because your device lacks a TPM or has Windows Hello turned off. It can also happen if you're using a device without Bluetooth, such as an older desktop, and it doesn't have appropriate passkeys.

Fix: Connect your hardware security key (e.g., YubiKey) to a USB port. Alternatively, activate Windows Hello to log in without the key, but ensure you set up a passkey first. Make sure to remove all connected devices from USB. Make sure your Bluetooth is turned on.

"No passkeys available"

Reason: This error typically happens if the screen lock is deactivated on the Android device meant to utilize the passkey. Activating a screen lock is mandatory to use passkeys on Android for enhanced security.

Fix: Activate the screen lock feature on your Android via the device's security settings. After enabling it, attempt to use the passkey again.

"Couldn't create your passkey" / "Error while creating passkey" / "Error while generating passkey"

Reason: This error may occur from a glitch, server problems, or device incompatibility.

Fix: Restart the app or device and attempt to regenerate the passkey. If issues continue, look for updates for the app or your device's OS. For server issues, wait and retry later.

"We couldn't find a matching passkey"

Reason: Often appear if you manually delete a passkey. This may occur if you remove it on the client side—through your platform account, on your device, or in your password manager—leaving the server unaware and resulting in errors. Alternatively, deleting the passkey's public key from the server, like in the account settings, while retaining the private key locally, can also cause discrepancies during login.

Fix: Access your account from a different device or utilize an alternate login method previously configured. You can generally create a new passkey in the account settings.

"Passkey not available on this device or browser"

Reason: This error that occurs when the device or browser lacks passkey support.

Fix: Update your device and browser. If they don't support passkeys, switch to one that does.

"Something went wrong. There was a problem signing in with your passkey."

Reason: Incorrect passkey entry, server-device communication errors, or authentication glitches may be responsible.

"Something went wrong. The request timed out."

Reason: The error usually happens if the server response is delayed, likely due to network problems or heavy load.

Fix: Verify your Internet connection is stable. If it is, the problem could be server-related - consider retrying later when it's potentially less crowded.

iCloud has created many Passkey Accounts, how can I delete them?

You can easily delete multiple accounts on iCloud by following this guide:

  1. On your Mac, choose Apple menu > System Settings, then click Passwords in the sidebar. (You may need to scroll down.)

  2. Click the Info button for the website.

  3. Click Edit.

  4. Click Delete Passkey.

Last updated