​​Using Passkeys to Improve Account Security

Are you using passkeys to protect your accounts? If not, start today!

Passkeys are far more secure than passwords because a.) they’re strong and unique by default and b.) unlike passwords, they can’t be phished or stolen.

From a user experience standpoint, passkeys are also a lot more convenient than passwords, because they work using Face ID (on an iPhone) or Touch ID (on a Mac or iPhone). On a Mac, you just tap and log in.

In addition, since passkeys are managed by the Passwords app and can be synced through iCloud Keychain, a passkey set up on a Mac will also work on other Apple devices using the same Apple account.

Setting Up Your First Passkey

First things first. To use passkeys on a Mac, you have to have Touch ID set up. If you haven’t done this, it’s very easy—just head to System Settings > Touch ID & Password > Add Fingerprint, and follow the prompts.

To use Mac-created passkeys on your other devices, iCloud Keychain must be enabled and set to sync across devices. Most people probably have this turned on already, but if you don’t, Apple has an easy, multi-device how-to guide.

Now to create a passkey

1. Log into a site that offers support for passkeys using your password (e.g., Amazon.com). You can find a list of sites that support passkeys at the FIDO Alliance website. 

2. You may be prompted to add a passkey when you log in. If so, follow the prompts on the site to do so—usually this just involves pressing the Touch ID button on your Mac. If you don’t see an automatic prompt to set up a new passkey, no worries—you can typically find the option to add one in the security and login area of your account settings.

3. The next time you visit that website, you’ll be asked if you want to use your saved passkey to log in. To do this, just use Touch ID when prompted and you’ll be signed in.

Note that if you already have a password saved for the website, it’s still there, stored in the Passwords app. But now you will also see a stored passkey for the site as well.

Moving Forward

From here on out, use a passkey whenever you set up a new account (if you’re given the option).

We say “if” because not every website supports passkeys just yet, so for some sites you’re still going to have to use a password. These should always be strong, unique, and random. The Passwords app can create and store such passwords for you if you ask it to. Just open the app, go to Passwords > Settings. Check Suggest Strong Passwords and your Mac will prompt you to let it create a strong password every time you save a new login or change an existing password.

If you want to upgrade your existing passwords to passkeys in a systematic way, refer to FIDO’s list of sites and services that support passkeys. If you aren’t sure where to begin, use the macOS Passwords app to identify risky passwords that should be replaced immediately. To do this, go to the Passwords app and head for the Security tab. Here you’ll see alerts for easily guessed passwords, reused passwords, or passwords compromised in a data breach. Replace these with a passkey if possible—or, at the very least, a strong, unique password.