Passkeys

Passkeys can be synced using external providers, and you can create groups to share passwords and passkeys. In managed environments, passkeys support Managed Apple Accounts, including syncing via iCloud Keychain, and access controls let people easily restrict how passkeys are shared and synced.

What’s new

Now it’s even easier to adopt passkeys, with improvements that enhance security and the user experience. The new Account Creation API helps streamline sign-up. Automatic passkey upgrades and management endpoints help make it even easier for people to sign in to your apps. And now users can securely import and export passkeys between password managers, and take advantage of new ways to keep their passkeys up to date.

Streamlined sign-in, without passwords

Saving and using a passkey is quick and easy with one-step account creation and sign-in using Face ID or Touch ID. There’s no need to create or manage passwords. Because passkeys are synced with iCloud Keychain, they’re available across Apple devices. You can even use your iPhone to sign in to apps and websites on non-Apple devices.

Next-generation account security

Based on FIDO Alliance and W3C standards, passkeys replace passwords with cryptographic key pairs. These key pairs profoundly improve security.

Strong credentials. Every passkey is strong. Passkeys are never guessable, reused, or weak.

Safe from server leaks. Because servers only keep public keys, servers are less valuable targets for hackers.

Safe from phishing. Passkeys are intrinsically linked with the app or website they were created for, so people can never be tricked into using their passkey to sign in to a fraudulent app or website.

In iCloud Keychain, passkeys are end-to-end encrypted, so even Apple can’t read them. A passkey ensures a strong, private relationship between a person and your app or website.
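
The phishing resistance described above also has a server-side half in the W3C WebAuthn standard: the relying party checks that the response names its own origin and relying party ID. The following is an added example, not Apple's code. The RP ID, the origin and the function names are assumptions, and verifying the signature with the stored public key is a separate step that is not shown.

```python
import base64, hashlib, hmac, json, struct

RP_ID = "example.com"                        # assumed relying party ID
ALLOWED_ORIGINS = ("https://example.com",)   # assumed web origin(s)

def b64url(data: bytes) -> bytes:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def binding_errors(client_data_json: bytes, authenticator_data: bytes,
                   expected_challenge: bytes) -> list:
    """Return the names of failed binding checks; an empty list means all passed."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["client_data_json"]
    if not isinstance(client, dict):
        return ["client_data_json"]
    errors = []
    if client.get("type") != "webauthn.get":
        errors.append("type")
    sent = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(expected_challenge)):
        errors.append("challenge")            # stale or replayed response
    if client.get("origin") not in ALLOWED_ORIGINS:
        errors.append("origin")               # ceremony ran on another site
    if len(authenticator_data) < 37:
        return errors + ["authenticator_data"]
    # Fixed header: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes)
    rp_id_hash, flags, _count = struct.unpack(">32sBI", authenticator_data[:37])
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(RP_ID.encode()).digest()):
        errors.append("rp_id_hash")           # credential scoped to another RP
    if not flags & 0x01:
        errors.append("user_present")
    if not flags & 0x04:
        errors.append("user_verified")        # no biometric or passcode check
    return errors

def constructed_sample(origin: str, rp_id: str, challenge: bytes, flags: int = 0x05):
    """Build a constructed (not captured) clientDataJSON / authenticatorData pair."""
    client = {"type": "webauthn.get", "origin": origin,
              "challenge": b64url(challenge).decode()}
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 1)
    return json.dumps(client).encode(), auth
```

A response produced on a look-alike site fails both the origin and rpIdHash checks, so it is rejected before the signature is even examined.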

Works alongside passwords

Since signing in with passkeys uses AutoFill and Face ID or Touch ID for biometric verification, the transition to passkeys is seamless. This lets people use passkeys alongside passwords, so you don’t need to adjust your sign-in page based on credential type. You’ll use the new Authentication Services API to add passkeys, creating sign-in flows that are familiar to users.