How to use Passkeys on your Apple Watch

1. Introduction#

Apple is ushering the passwordless future with passkeys with macOS Ventura. In this article, we want to show how passkeys can be used on the Apple Watch as the latest device from the Apple cosmos, after they were previously available with Face ID and Touch ID on Mac, iPhone and iPad.

2. Passkeys on macOS Ventura#

One of the many new features of macOS Ventura is that passkey logins are now available by using an Apple Watch. After the passwordless login with Touch ID or Face ID was already supported on Mac, iPhone and iPad, users can now create a passkey with yet another Apple device. This is possible for all passkey-supported websites on Safari as well as on Chrome.

3. Passkeys on Apple Watch#

Below, you'll find an instruction on how to set up the passkey login for your Apple Watch:

1. Go to System Settings on your Mac
2. Check under General if you already installed macOS Ventura
3. Proceed to Touch ID & Password (wear your Apple watch on your wrist)

4. Go to https://passkeys.eu and click on Sign up
5. Create a new account

6. Check the notification on your Apple watch

7. Double-Click on the side button of your Apple Watch
8. Signed In

4. Apple Watch and Passkeys (2025)#

Even though macOS Ventura and newer Apple Watches work together to authenticate you in more places (like unlocking your Mac or the new Passwords app), Apple has a policy decision that prevents the Watch from counting as a “strong” user verification (UV) in certain contexts—specifically, when cryptographic keys are protected by the Secure Enclave. In these cases, Touch ID or a typed password is required, and macOS will not allow the Apple Watch alone to complete the final authentication.

Apple’s Policy: No Apple Watch for Secure Enclave Unlock#

When using passkeys with Safari (which stores them inside the Secure Enclave via iCloud Keychain), Apple’s framework is designed to ignore the Apple Watch for the final “user verification” step if Touch ID is unavailable (such as in clamshell mode). Instead, it forces you to enter your Mac password—even though the Watch can unlock your Mac in other scenarios. This is because Apple does not consider the Watch by itself a high‐enough level of security to release Secure Enclave–protected credentials.

Chrome and Google Password Manager: Different Approach#

In contrast, if you use passkeys stored by Google Password Manager or inside your Chrome profile, they are generally kept outside Apple’s Secure Enclave. That means Chrome can use the broader .deviceOwnerAuthentication policy in LocalAuthentication, which lets macOS determine whether to prompt you for Touch ID, Apple Watch, or your password. As a result, Apple Watch fallback often works in clamshell mode for Chrome‐based passkeys (since the system allows it) while Safari’s Secure Enclave–based passkeys do not.

Why You Can Still Use the Watch for Other Unlocks#

You might wonder why the Watch can unlock your Mac session or the new Passwords app yet not finalize a passkey login in Safari. Apple considers the Mac session unlock and password manager unlock to be convenience features, whereas accessing Secure Enclave–protected keys (the actual cryptographic passkeys) requires stricter user verification. In practical terms, that means if you’re in clamshell mode and go to log in to a passkey‐enabled site in Safari, you’ll see a password prompt instead of being able to confirm on your Watch—even though you’re wearing it.

Comparison Table: Apple Watch for Passkeys#

Below is a summary of how passkeys behave on a MacBook in clamshell mode, with different storage and authentication configurations:

5. Implement Passkeys in your App as Login Method#

Since passkeys are enabled on all Apple devices, it's time to also make browsing on your website even safer and much more user-friendly by fully replacing passwords.

With Corbado's solution, we help to you easily integrate the new sign-in method. Check out our demo and discover how the passwordless future looks like.

Frequently Asked Questions#

How do I set up and use my Apple Watch to confirm a passkey?#

On macOS Ventura, visit a passkey-supported website in Safari or Chrome, initiate sign-up or login, then check your Apple Watch for a notification and double-click the side button to confirm. Your Watch must be worn on your wrist and paired with your Mac for this to work.

Why does Safari ask for my password instead of letting me use Apple Watch to complete a passkey login?#

Apple enforces a policy that the Watch alone is not a sufficient factor for unlocking Secure Enclave-protected credentials, where Safari and iCloud Keychain store passkeys. In clamshell mode without Touch ID available, macOS forces a password prompt even though the Watch works for other system unlocks.

What is the difference between how Apple Watch handles passkeys in Safari versus Chrome?#

Safari stores passkeys inside Apple's Secure Enclave via iCloud Keychain, and Apple's policy disallows Watch-only authentication for those keys. Chrome stores passkeys in Google Password Manager outside the Secure Enclave, so macOS can apply the broader .deviceOwnerAuthentication policy and permit Apple Watch as a fallback.

Why can Apple Watch unlock my Mac session but not finalize a passkey login in Safari?#

Apple classifies Mac session unlock as a convenience feature where Watch authentication is sufficient, whereas accessing cryptographic passkeys stored in the Secure Enclave requires stricter user verification. This means Touch ID or a typed password is mandatory for the final passkey step in Safari, regardless of Watch availability.