Passkeys are here to stay And they're changing the way we log in to websites and apps: fewer passwords to remember and more built-in security. In this practical guide, you'll understand what they are, how they work, and, above all, how to activate and manage them on Google, Windows, and your mobile device without getting lost in settings.
In addition to explaining the key concepts, We'll show you the requirements, compatibilities, and real nuances. This includes what happens with business accounts (Google Workspace), why the option to use a passkey sometimes doesn't appear, and what to do if you lose a device. You'll also see where they're stored (locally or in the cloud), which browsers are compatible, and how to use biometrics and PINs to log in without passwords.
What are passkeys and why are they replacing passwords?
A passkey is a cryptographic credential based on FIDO/WebAuthn standards It identifies you without the need to type passwords. It's stored as a secret on your device (computer, mobile phone, or FIDO2 security key) and unlocked with something you use every day: fingerprint, face, or a system PIN.
When you register a passkey, your device generates a key pair: private on the device and public in the serviceWhen you log in, you sign a challenge with your private key after unlocking your device, and the service validates the signature with your public key. This prevents typical password leaks and makes authentication resistant to phishingbecause the passkey only works with the legitimate domain.
There is another relevant detail: Your biometric data does not leave the deviceThey are used only to unlock the private key locally, so neither Google, nor Microsoft, nor the website receives your biometrics.
Advantages over passwords and relationship with 2FA/MFA
The passkeys are faster and simpler than a passwordBecause they don't require remembering anything or copying temporary codes. For the user, logging in is as natural as unlocking their phone or computer.
In security, Passkeys are unique per site and cannot be reused.If an attacker clones a website, the passkey will not be offered or will simply not work, effectively reducing phishing attacks and attempts to guess or stuff credentials.
They also fit with the multi-authentication approach: It involves 'something you have' (your device) and 'something you are/know' (biometrics or PIN). Even if you don't introduce a second layer of security, the passkeys flow itself incorporates factors transparently.
In the Google ecosystem, if you enable passkeys, The second step is often omitted. two-step verification of your Google account because you have already proven ownership of the device. However, your recovery methods and other settings you have configured will not be removed.
Requirements and compatibility: systems, browsers and synchronization
To create or use passkeys you need a compatible system and browserIn general terms: Windows 10 or higher, macOS Ventura, ChromeOS 109, iOS 16 or Android 9 and above; and browsers such as Chrome 109+, Edge 109+, Safari 16+ or Firefox 122+.
In Windows, Windows Hello is the foundation for saving and using passkeysSince Windows 11 22H2 (with updates like KB5030310), you can manage them in Settings. In Windows 11 24H2, Microsoft added Windows Hello synchronization, whereas in previous versions, storage was primarily local.
Third-party credential managers (1Password, Dashlane, Bitwarden, Proton, etc.) They offer cross-platform synchronizationUseful if you don't want to rely on the system or browser keychain. Check out the best password managers for Android if you're looking for options that support passkeys.
How to create and manage passkeys in your Google account
Google allows you to register passkeys on mobile phones, computers, and FIDO2 security keys. To create a passkey on the device you are usingTo access your account's passkey management page, select 'Create passkey' and unlock the device when prompted. Repeat this process on each device where you want to have a local passkey.
If you prefer a FIDO2 hardware security keyThe process is similar: from the same page, choose 'Use another device', connect the key, enter your PIN, or touch its sensor if it has one. It's a good option if you're looking for portability without relying on a browser.
Once you register your first passkey, on your next logins Google will suggest creating more passkeys on any new compatible devices you use. Avoid doing this on shared devices so that no one can access your account simply by unlocking the device.
To use the passkey when signing in to Google from the same device, Enter your email and unlock when the system prompts you.In many cases you will see autofill or the 'conditional UI' suggested by the account: simply tap your username and confirm with biometrics or PIN.
If you want to log into your account on a computer using your mobile passkey, scan the QR code you will see on the screenSelect 'Try another way' and then 'Use your access key', point your phone's camera at the code, and authenticate with Face ID, fingerprint, or PIN on your phone. Next time, if you use the same PC and phone combination, you'll receive a notification directly on your phone to speed up the process.
Keep in mind some practical notes: On Android, if you log outThe passkey can continue to work for up to a few hours to log back in; later, you'll need to use another login method, and Android will generate a new passkey when you log back in. On other systems, you can use the passkey at any time after logging out.
If you prefer to prioritize your password again when logging in, You can disable the 'Skip password when possible' preference in your Google account security settings. The option is located under 'Security and sign-in'.
To view and delete passwords in Google, Go to your account's access keys pageYou'll see the passwords registered for that account (make sure you're managing the correct account if you use multiple ones). If you're logged in on an Android device, you may see passwords automatically created by the system.
Have you lost or stopped using a device with a passkey? Remove that access key from the listAlso, check google.com/devices to remove the device from your account if it was an Android with an automatically generated passkey. If you use a third-party manager, make sure the passkey isn't saved there and delete it from its settings.
Passkeys in Windows: Activate Windows Hello, Log In, and Manage
In Windows, practical support involves Windows Hello (PIN, face or fingerprint)Go to Settings > Accounts > Sign-in options to configure your preferred method. This will allow the system to save local passkeys that are unlocked with Hello.
On compatible sites, you'll see two ways to log in: the 'conditional UI', which suggests your user At the bottom or above the keyboard, or in 'normal' mode, you enter your email address and then choose to use the passkey. Afterwards, you confirm with your PIN/face/fingerprint to complete the login.
If your passkey is on your mobile phone, You can log in to Windows by scanning a QR code. or via a hybrid flow with Bluetooth, provided the device is nearby and connected to the internet. For FIDO2 security keys, insert the key and complete the presence gesture or enter your PIN.
Where are they stored and how are they managed in Windows? Starting with Windows 11 22H2 and the latest updates, Configure and delete passkeys in Settings > Accounts > PasskeysYou'll see a filterable list; to delete one, tap the three-dot menu and select 'Delete passkey'.
Quick version compatibility: Windows 10 (1903+) and Windows 11 support WebAuthnWindows Hello and local passkeys; Windows 11 22H2 includes improvements such as a management interface and support for modern algorithms; Windows Hello synchronization arrives in 24H2. On older computers or those without biometrics, the Hello PIN is sufficient.
Storage and synchronization: browser, system, hardware and managers
There are several possible 'homes' for your passkeys. At Apple, iCloud Keychain syncs across iPhone, iPad, and Mac. It can also be used on Windows with iCloud for Windows and its extension. It's convenient if you live within the Apple ecosystem.
In Google, Chrome/Android Password Manager Save and sync passkeys across your devices where you use Chrome and your Google account. On iOS, install Chrome and enable it as your autofill provider if you want to use those passkeys on your iPhone.
In Windows, passkeys are used by default. They are usually stored locally on the device and are protected with Windows Hello. If you have many computers, you can create a passkey for each computer or use your mobile phone/FIDO2 key as an additional authenticator to log in to each one.
FIDO2 hardware keys (USB/NFC) They store passkeys inside the physical deviceThey are ideal if you are looking for maximum portability between platforms without depending on synchronization or the browser.
Third-party password managers such as 1Password, Dashlane, Bitwarden, or Proton Pass They allow you to save and synchronize passkeys beyond a single ecosystem. Check out the most secure password managers for Android if you prioritize security when synchronizing passkeys.
Corporate and educational context: Google Workspace and policies in Windows
If you use a Google Workspace account from a company or school, They may only let you use passkeys as a second factor or for sensitive actions, not as your primary method. Check the 'Skip password when possible' page or consult your administrator.
In managed Windows environments, some organizations restrict Bluetooth. Streams between devices with passkeys require Bluetooth For close authorization without copying keys, it's possible to allow Bluetooth pairings only with FIDO2 passkey-enabled authenticators using MDM policies and the WMI Bridge provider.
All modern editions of Windows (Pro, Enterprise, Education and variants) They support passkeysIf you manage equipment, review device and Bluetooth installation policies to enable only necessary use cases and keep the environment under control.
Mobile passkeys: iOS, Android and Microsoft Authenticator
On iPhone and Android, The passkeys are integrated with biometric unlocking. (Face ID, Touch ID, or fingerprint sensor) and with the system's or browser's own credential manager. This makes logging into apps and websites almost automatic.
Some organizations, as part of their MFA, use passkeys linked to the device with Microsoft AuthenticatorIn this approach, the key is not synchronized via the cloud (it remains locked to the mobile device), providing more control and reducing the risk of unauthorized export.
For a smooth experience, the following are recommended: recent versions of the system (for example, Android 14 or iOS 17 in enterprise scenarios), and have the credential provider (Authenticator, iCloud Keychain, Google Manager) set to autofill by default.
If you lose your mobile phone, You or the administrator can revoke the associated passkey from the corresponding panel. In some Spanish environments, as a temporary alternative, the use of verification systems such as Cl@ve is considered to recover access and reconfigure passkeys on another device.
A good practical tip: if you have more than one mobile phone or tabletRegister a passkey on each one. This way you avoid being locked out due to the loss or malfunction of a single device.
When they don't appear and how to fix it: frequently asked questions
If you are not offered the passkey when you try to log in, First, check that the device has an active screen lock.Without a lock, the system will not allow you to use or create passkeys on that computer.
Also check Google for the 'Skip password when possible' preference. If you disabled it, you'll see the password sooner.You can reactivate it to prioritize passkeys in the access flow.
In private browsers or modes, Some combinations do not allow you to create or use passkeysTry it in a normal window and make sure your browser and system are up to date.
No Bluetooth or in an environment with blocked Bluetooth? Use the computer's local passkey or a FIDO2 keyThe flow between devices (mobile–PC via QR/Bluetooth) requires proximity and connectivity.
If you need it, You can always tap 'Try another way' and revert to previous login options (password, codes, etc.). Keep in mind that if you use this method often, the system may offer passkeys less frequently until it learns that you prefer the traditional method.
And don't forget the administration: Periodically check which passkeys you have active on your accounts and devices. Delete any you don't use or that are on devices you no longer control to avoid surprises.
Passkeys allow you to log in with More safety and less friction through public key cryptography...to local protection with biometrics or PINs and flows between devices. Knowing where they are stored, how they are synchronized, and how revoke them Losing a device can make all the difference between a seamless passwordless experience and a major headache. Following compatibility guidelines, enabling Windows Hello, using the appropriate password manager (iCloud, Google Authenticator, or a third-party provider), and keeping your passwords up to date can significantly improve your experience. recovery methodsYou'll have the best of both worlds: real comfort and security, without having to remember anything.
