Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Passkeys supported sites and apps
- Thread starter ipedro
- WikiPost WikiPost
- Start date
- Sort by reaction score
- Status
Good timing! Google just turned on passkeys for google accounts today.
Here’s the link to set it up: http://g.co/passkeys
Passkey is kinda working with Google. I set passkey on my Mac and that works fine. I then logged out of Google using Safari on my iPhone and back in and it only asks me for my password, no option to select passkey. Enter my password and then it asks if I want to setup passkey. I select continue and it says that I already setup a passkey. Rinse and repeat, no change.
No, you can select not now to generate a passkey and it will log you in using your password.
Managed to resolve this, delete your Passkey from your Google account, then create the Passkey on your iPhone, then you can log in using your Passkey on both your Mac and iPhone just fine. Weird that it's not working properly when you create the Passkey on the Mac though.
Awesome! I followed your steps and now it works fine on both devices. Maybe a bug on the Mac side as I'm running 13.4b4.
What an absolutely terrible thing to do. Reviews like that can really hurt an independent developer. How about reaching out to the developer when you encounter a problem? It took me two seconds of Googling to find the help/contact section on the Cardpointers website.
Google has started rolling out support for Passkeys in Workspace accounts. This brings on millions of work organizations and schools into Passkeys.
It's taken a while but with Google now active, and given how many sites have Google as their authentication provider, it'll bring Passkeys to a large part of the web.
I've added it to the Wiki. If you know of other sites or apps that have independently added Passkeys, please update the Wiki on the first post of this thread. In addition to Google, I've added Shopify.
It's taken a while but with Google now active, and given how many sites have Google as their authentication provider, it'll bring Passkeys to a large part of the web.
I've added it to the Wiki. If you know of other sites or apps that have independently added Passkeys, please update the Wiki on the first post of this thread. In addition to Google, I've added Shopify.
This is a pretty short list. Wonder if/when we’ll see more sites sign on…
passkeys.directory
Passkeys.directory
A community-driven index of websites, apps, and services that offer signing in with passkeys.
passkeys.directory
So far two major services/accounts I use have launched passkeys.
Google
Everything works as expected for months now apart for the initial sign-in email request. Safari only offers one of my two Google account emails in the autofill bar, I usually want the email not offered by default so either have to start typing the other address or tap the key for all accounts which requires an extra biometric authentication.
How it’s ideally supposed to work — iOS automatically pops up a windowed list of all the accounts you have for that domain. You select one and authenticate once.
Google correctly named my passkey “iCloud keychain” but you can manually rename this exactly how you like. I capitalised Keychain! No surprise but Google don’t offer password deletion yet.
PayPal
PayPal only enabled passkey creation on my account in the past week. My iPadOS 17 beta iPad wasn’t permitted to create a passkey on their website but using my iOS 16 iPhone worked just fine and I can passkey log in with the iPad fine afterwards.
PayPal only uses the passkey as a password replacement, two-factor authentication is still requested meaning you’re effectively performing three-factor authentication. Not really elegant or the intention for passkeys.
The passkey created is automatically named to match the creation device (“iOS, iPhone Safari”) and you can’t change this to something more suitable like iCloud Keychain. No password deletion yet.
Everything works as expected for months now apart for the initial sign-in email request. Safari only offers one of my two Google account emails in the autofill bar, I usually want the email not offered by default so either have to start typing the other address or tap the key for all accounts which requires an extra biometric authentication.
How it’s ideally supposed to work — iOS automatically pops up a windowed list of all the accounts you have for that domain. You select one and authenticate once.
Google correctly named my passkey “iCloud keychain” but you can manually rename this exactly how you like. I capitalised Keychain! No surprise but Google don’t offer password deletion yet.
PayPal
PayPal only enabled passkey creation on my account in the past week. My iPadOS 17 beta iPad wasn’t permitted to create a passkey on their website but using my iOS 16 iPhone worked just fine and I can passkey log in with the iPad fine afterwards.
PayPal only uses the passkey as a password replacement, two-factor authentication is still requested meaning you’re effectively performing three-factor authentication. Not really elegant or the intention for passkeys.
The passkey created is automatically named to match the creation device (“iOS, iPhone Safari”) and you can’t change this to something more suitable like iCloud Keychain. No password deletion yet.
Passkeys can now be created for Nintendo accounts.
Quick impressions are it’s a couple more page navigations than necessary to actually get to the passkey login page from the Nintendo homepage, but once you sign in with a passkey, there’s no 2FA nonsense like PayPal.
You can’t rename created passkeys or delete your password to use a passkey exclusively yet.
Quick impressions are it’s a couple more page navigations than necessary to actually get to the passkey login page from the Nintendo homepage, but once you sign in with a passkey, there’s no 2FA nonsense like PayPal.
You can’t rename created passkeys or delete your password to use a passkey exclusively yet.
There is a small detail I don't understand:
Passkey is an additional login method. So you still can login with an bad choosen unsafe password.
So there is a big login comfort with passkeys, but there is no additional security. Or is it planned in the future that you can deactivate/remove the (old) Username/Password combination and use only passkeys?
Passkey is an additional login method. So you still can login with an bad choosen unsafe password.
So there is a big login comfort with passkeys, but there is no additional security. Or is it planned in the future that you can deactivate/remove the (old) Username/Password combination and use only passkeys?
The plan is to replace passwords with passkeys.
Some devices still don’t support them, that’s why the password is available as an option when signing in, for now.
It is worth noting that 1Password has now rolled out PassKey support (they might have to change their name one day). Prior to macOS Sanoma, it would only work in Chrome-based browsers (don't know about Firefox), but now it works in Safari and also works on iOS 17 (I have not tried it in apps, but it does work in Safari and third-party browsers like Brave). I do like a third-party like 1Password because it is cross-platform. There are ways of using an Apple PassKey on Windows by scanning a QR code with your iPhone, but it is not as elegant. Maybe Apple will bring PassKey support to its Windows iCloud Password Manager app. Most sites also allow multiple PassKeys as well, so you can use Apple PassKeys on Apple devices and use Windows Hello on Windows. I believe other password managers like Bitwarden are rolling out PassKey support as well.
The issue at the moment is that a lot of websites still require a username and password and request the security key at the same point they would normally ask for a 2FA code. There are a few that allow you to skip the username and password step completely, like GitHub. My understanding is that eventually we will get rid of usernames and passwords completely, but for the moment they have them as backups. Microsoft accounts do offer passwordless, through Windows Hello, but on Safari you have to do it through the Microsoft Authenticator app. I don't think people should worry about losing their devices, PassKeys are stored in Keychain and synced to Apple servers. Same with Microsoft, Google, and 1Password.
A few other sites that seem to support PassKeys (passwordless (has a password but can skip)):
The issue at the moment is that a lot of websites still require a username and password and request the security key at the same point they would normally ask for a 2FA code. There are a few that allow you to skip the username and password step completely, like GitHub. My understanding is that eventually we will get rid of usernames and passwords completely, but for the moment they have them as backups. Microsoft accounts do offer passwordless, through Windows Hello, but on Safari you have to do it through the Microsoft Authenticator app. I don't think people should worry about losing their devices, PassKeys are stored in Keychain and synced to Apple servers. Same with Microsoft, Google, and 1Password.
A few other sites that seem to support PassKeys (passwordless (has a password but can skip)):
- GitHub (passwordless)
- Brave Community
- Microsoft (passwordless - might require Microsoft Authenticator app)
- Google (passwordless - need to click Try Another Way on the password screen)
- eBay (passwordless)
- Simplelogin
- Nintendo (passwordless)
- Nvidia (passwordless - select log in with security device)
- Proton
- OnlineScoutManager (passwordless)
- Bitbucket (a bit strange - An Atlassian account only has 2FA and a Bitbucket account has PassKeys but you need an Atlassian account for Bitbucket)
- GitLab
- Roblox
Last edited:
Amazon and its regional variants are rolling out passkey support but the implementation has the same 2SV flaw as PayPal. If you have Two-Step Verification enabled to reinforce password entry, it’s also requested when logging in by passkey.
Amazon has an additional issue with regional accounts (ex. .com and .co.uk share the same Amazon account) but passkeys can’t be shared between domains like this. You’ll need to create extra passkeys for any regional variants.
Amazon has an additional issue with regional accounts (ex. .com and .co.uk share the same Amazon account) but passkeys can’t be shared between domains like this. You’ll need to create extra passkeys for any regional variants.
Last edited:
Amazon seems to have the best implementation so far. I was able to setup multiple passkeys, (one in 1password and one in my security key). This is great. 1password is seamless and easy, but if I don’t have access to 1password for whatever reason, I can always use my physical security key which I always have on me.
This is great and I hope the uptake starts to spread like wildfire, but also there are a lot of bad implementations out there by organizations that don’t seem to get the “point” of passkeys.
1Password Watchtower will tell you which of your login sites support passkeys. I'm showing 35 sites.
eBay supports genuine multi-device passkeys now, you can create them at:
My eBay > Sign-in and security > Passkeys
This is separate from the pre-existing Face/fingerprint/PIN sign in that eBay still offers but is limited to the one device you activate it on, until you wipe cookies/web browser data.
eBay have also added Authenticator app support for 2-step verification. Unfortunately, their passkey implementation requires 2-step verification if you have it enabled and as you can’t delete your password yet it’s probably best to keep 2-step on.
Uber have made passkey support widely available and I think PayPal’s login experience with passkeys improved, now when you navigate to the Log in page, a passkey is automatically requested. 2SV is still requested though.
My eBay > Sign-in and security > Passkeys
This is separate from the pre-existing Face/fingerprint/PIN sign in that eBay still offers but is limited to the one device you activate it on, until you wipe cookies/web browser data.
eBay have also added Authenticator app support for 2-step verification. Unfortunately, their passkey implementation requires 2-step verification if you have it enabled and as you can’t delete your password yet it’s probably best to keep 2-step on.
Uber have made passkey support widely available and I think PayPal’s login experience with passkeys improved, now when you navigate to the Log in page, a passkey is automatically requested. 2SV is still requested though.
