Get your free and exclusive +30-page Authentication Analytics Whitepaper
Back to Overview

Passkey Troubleshooting: Solutions for Passkey Issues & Errors

This blog posts helps to understand common passkey error (messages), what their causes are and how theses passkey problems can be solved.

Vincent Delitz

Vincent

Created: November 15, 2023

Updated: March 25, 2026

passkey troubleshooting solutions
PasskeysCheatsheet Icon

Looking for a dev-focused passkey reference? Download our Passkeys Cheat Sheet. Trusted by dev teams at Ally, Stanford CS & more.

Get Cheat Sheet
Key Facts
  • iCloud Keychain must be enabled on Apple devices running iOS 16 or macOS Ventura or later to store and sync passkeys across devices.
  • The excludeCredentials WebAuthn property restricts multiple passkey registration per device, triggering 'passkey already exists' errors when a credential is already stored for that account.
  • A QR code prompt during login means no passkey exists on the current device. Users can scan it to authenticate via a previously enrolled smartphone.
  • Client-side passkey deletion without server-side removal causes 'no matching passkey' errors. The server retains the public key and still expects the credential.
  • Android passkey support requires screen lock enabled plus Android 9 or later. Missing screen lock triggers 'passkeys not offered' errors.

1. Introduction#

Passkeys are rapidly becoming the standard for secure and seamless user authentication. Major tech players like Amazon, WhatsApp, Coinbase, and TikTok have already embraced this technology, with others like Facebook, LinkedIn, and X/Twitter soon to follow. However, as with any emerging technology, there are still some UI / UX concepts, like error messages, that are new to end users. Users often face passkey issues like "there are no matching passkeys" or "passkeys not working". Moreover, many relying parties define their own error messages, as there are not too many best demonstrated practices (apart from FIDO alliance's UIX guidelines). In some cases, if a service reports that "there aren't any passkeys on this device," it may be necessary to double-check your device settings, as modern passkey solutions aim to eliminate this confusion.

Subreddit Icon

Discuss passkeys news and questions in r/passkey.

Join Subreddit

Passkeys represent a paradigm shift in authentication, moving authentication in general from the backend to the frontend, as passkeys interact via operating system APIs with a device's secure enclave, TPM, or TEE.

As a result, effective user communication and error handling become important. Users, accustomed to traditional authentication methods, now face a learning curve with passkeys. We've observed frequent passkey errors and a lot of confusion through our interactions on platforms like X (formerly Twitter) and Reddit. Our goal with this article is to help more users when facing these passkey problems. We'll analyze the common passkey issues and offer practical solutions, thereby enhancing user experience and confidence in passkeys. If you ever find that a "google passkey not working" on your device, consider verifying your browser or system updates.

Recent Articles

2. How Do Passkeys Work?#

Passkeys represent a huge step in passwordless authentication, utilizing the WebAuthn API, and are backed by the FIDO Alliance and the World Wide Web Consortium (W3C). Moreover, passkeys are grounded in the principles of public-key cryptography.

Demo Icon

Want to try passkeys yourself in a passkeys demo?

Try Passkeys

Imagine creating an account where your device autonomously generates a unique pair of public and private keys. These keys are linked, much like a custom-made key tailored for a specific lock. For successful authentication, both elements are essential.

The fascinating part? The public key is the only component shared with a website or app (the relying party). The private key, on the other hand, remains securely on your device.

The authentication process is very user-friendly. When you attempt to sign in, the website or app sends a challenge. This is where your part comes in: by utilizing your device's biometrics or PIN (e.g. via Face ID, Touch ID or Windows Hello), you unlock your private key. Your device then utilizes this key to sign the challenge, sending this signature back for verification. The website or app, with the public key at its disposal, confirms the authenticity of this signature.

What makes this process truly seamless is its speed and transparency. From a user perspective, you're merely verifying your identity via Face ID. Meanwhile, under the hood, this sophisticated mechanism efficiently validates your credentials, granting access to your account.

StateOfPasskeys Icon

Want to find out how many people use passkeys?

View Adoption Data

3. Passkey Requirements#

3.1 iOS or macOS#

iCloud Keychain Enabled:

For users on Apple devices utilizing Safari, iCloud Keychain must be enabled to use passkeys. This is essential for password sharing and synchronization across devices. To set up iCloud Keychain, navigate to your device's settings, select your Apple ID, go to iCloud, and then enable iCloud Keychain (read more here). On iCloud accounts with Keychain enabled, the underlying iCloud account is enforced to be MFA protected by Apple.

iOS 16 or macOS Ventura Required:

Passkeys are supported on devices running iOS 16 or later, or macOS Ventura or later. These newer operating systems include enhanced security features necessary for passkey functionality. Users should ensure their devices are updated to these versions or higher (read more here).

Substack Icon

Subscribe to our Passkeys Substack for the latest news.

Subscribe

3.2 Windows#

Windows Hello Setup:

On Windows 10+ devices, Windows Hello must be configured to use passkeys (see here for more details on the passkey support of different Windows versions). Windows Hello is a biometric-based technology that enables users to authenticate secure access to their devices and applications using a fingerprint, facial recognition, or a PIN. To set up Windows Hello, go to Settings, then Accounts, and under Sign-in options, follow the prompts for setting up Windows Hello (read more here).

3.3 Android#

Android Version 9 or Later:

Passkey support requires at least Android 9. This is because newer Android versions have better integration with security features like biometrics and secure hardware storage, which are crucial for passkeys.

Google Play Services Updated:

Ensure that Google Play Services is up-to-date, as it plays a critical role in managing security and authentication processes on Android devices. If you experience issues where "google passkey not working" properly on your Android, checking updates and configurations in Google Play Services may resolve the problem.

Besides, on all platforms, ensure that the web browser being used is updated to the latest version. Browsers like Safari, Chrome, and Edge often release updates that improve security features, including passkey support.

Analyzer Icon

Are your users passkey-ready?

Test Passkey-Readiness

4. Common Passkey Errors, Their Causes and Troubleshooting#

The following list consists of typical passkey errors. Besides providing the cause of the error, a potential solution that has worked for others is given:

Error Message: To save a passkey, you need to enable iCloud Keychain. You can enable Keychain in the Apple ID pane of System Settings#

  • Cause: This error occurs when iCloud Keychain, which is required to store passkeys on Apple devices, is not enabled.
  • Solution: Enable iCloud Keychain by going to the Apple ID pane in System Settings. Ensure it's properly set up to sync passkeys across your devices.

Error Message: There are no matching passkeys / There are no matching passkeys saved in your iCloud Keychain#
  • Cause: This error typically occurs when a user tries to access a service using a passkey that is not stored in their iCloud Keychain or not synchronized across their devices.
  • Solution: Ensure that iCloud Keychain is enabled and properly synchronized across all devices. Check if the passkey for the specific service is indeed saved in the iCloud Keychain. If you see the detailed message indicating that "there are no matching passkeys saved in your iCloud Keychain," make sure to re-enable synchronization on all devices.
Slack Icon

Become part of our Passkeys Community for updates & support.

Join

Error Message: No passkeys available. There aren't any passkeys for Relying Party on this device#

  • Cause: No passkey can be found on the current device and the WebAuthn server does not allow any cross-platform passkey authentication. This error message reinforces that "no passkeys available" if the authentication system cannot detect one, and it may display a prompt such as "there aren't any passkeys on this device."
  • Solution: Verify if a passkey exists on your device. If you have deleted the passkey locally or on the client-side (e.g. in your iCloud Keychain settings or Google Password Manager settings), you also need to delete the passkey server-side in the account settings of your relying party, so that the system does not continue to expect its presence.

Error Message: Passkey already exists (or similar error message as it's defined by the relying party)#

  • Cause: This message appears when there's an attempt to register a new passkey on a device that already has one for the same account. Some relying parties restrict that users can only have one passkey per device (or ecosystem, e.g. synced iCloud Keychain or 1Password) and account. Usually, this setting is defined in the WebAuthn server property excludeCredentials.
  • Solution: Check your device settings to see if a passkey already exists and use it, or try adding a new passkey from a different device. Alternatively, enter the relying party’s account settings, delete the existing passkey for this device and account, and try to create a new one.

Error Message: I'm seeing a QR code#

  • Cause: A passkey is tied to a specific account and platform (e.g. the device or a cloud-synced platform account like iCloud Keychain). If you see a QR code when attempting to log in using a passkey, this means that you do not yet have a passkey on the current device/platform that you are using (but may have had one set up on your iOS or Android smartphone previously). Another cause is that the server limits the passkeys that are allowed to be used (via the WebAuthn server property AllowCredentials) and those passkeys are not available on your device.
  • Solution: If the device you previously made a passkey on has a camera, you may be able to scan the QR code to log in using that existing passkey (this is called passkey cross-platform authentication). If provided, you should be able to use an alternative authentication method to log in. Once logged in, you can then set up an additional passkey for the new/current device you’re using in the relying party’s account settings.

Error Message: Insert your security key into the USB port#

  • Cause: This prompt appears when a hardware security key (e.g. YubiKey) is required for authentication, possibly due to the lack of a TPM or disabled Windows Hello. Another cause is that you are on a device that has no Bluetooth capabilities (e.g. an older desktop machine) and no fitting passkeys are present on the device.
  • Solution: Insert the hardware security key (e.g. YubiKey) into the USB port. Alternatively, enable Windows Hello if you wish to authenticate without the hardware security key (a passkey with Windows Hello needs to be created beforehand).

Error Message: Passkeys not offered#
  • Cause: This error often occurs when the Android device that is supposed to use the passkey does not have the screen lock feature activated. The presence of a screen lock is a prerequisite for using passkeys in Android for security reasons.
  • Solution: To resolve this issue, enable the screen lock feature on your Android device. This can typically be done through the security settings of the device. Once the screen lock is activated, try using the passkey again.

Error Message: Couldn't create your passkey / Error while creating Passkey / Error while generating passkey#

  • Cause: This error can arise due to several reasons such as a glitch in the application or software you are using, a temporary server issue, or incompatible device settings.
  • Solution: Restart the application or device and try generating the passkey again. If the problem persists, check for any available updates for the application or your device's operating system. If it's a server-side issue, you may need to wait and try again later.

Error Message: We couldn't find a matching passkey (or similar message from the relying party)#

  • Cause: Many error messages like this occur if a passkey has been deleted manually, whether on the client-side or server-side. Even if your local private key remains, without the corresponding public key on the server, the error mentioning "we couldn't find a matching passkey" is triggered.
  • Solution: Try to access your account either from another device or use an alternative login method that you might have set up earlier. You can then usually create a new passkey in the account settings.

Error Message: Passkeys not available on this device or browser#
  • Cause: This is an error typically indicated by PayPal or similar platforms, suggesting that the device or browser being used does not support or have the functionality to create or use passkeys.
  • Solution: Ensure that your device and browser are up to date. If the device or browser inherently does not support passkeys, consider switching to a compatible one.

Error Message: Something went wrong. There was a problem signing in with your passkey.#

  • Cause: This could be due to an incorrect passkey entry, temporary communication issues between the server and your device, or a malfunction in the authentication process.
  • Solution: Double-check the passkey you are entering. If correct, try again after a short while. If the problem continues, check your internet connection or consider resetting your passkey if possible.

Error Message: Something went wrong. The request timed out.#

  • Cause: This error typically occurs when the server takes too long to respond, possibly due to network connectivity issues or high server load.
  • Solution: Check your internet connection to ensure a stable and strong signal. If the connection is fine, the issue might be on the server side, in which case you should try again later when the server is less busy.

5. Conclusion#

Passkeys are paving the way towards a more secure, user-friendly digital landscape. By leveraging the power of public key cryptography, they eliminate traditional password vulnerabilities, offering a robust and seamless authentication experience. As we move forward, understanding and troubleshooting common passkey errors becomes crucial. This knowledge not only enhances user confidence but also fosters wider adoption. For organizations looking to minimize these errors proactively, following passkey creation best practices and passkey login best practices significantly reduces the error rates users encounter. If you want to stay up-to-date about all news around passkeys (including passkey error handling and passkey troubleshooting), join our passkeys community on Slack or subscribe to our passkeys Substack.

Frequently Asked Questions#

Why am I being asked to insert a security key instead of using my passkey?#

This prompt appears when Windows Hello is disabled or no TPM is available, causing the system to fall back to hardware security key authentication. Enabling Windows Hello in your device's sign-in settings resolves this, but you must first create a Windows Hello passkey before using it for login.

How do I fix a 'couldn't create your passkey' error?#

This error typically results from an application glitch, a temporary server issue or incompatible device settings. Restarting the application or device and checking for OS and app updates usually resolves it. If the problem appears server-side, waiting and retrying later is recommended.

Why does passkey authentication keep timing out?#

Timeout errors occur when the server takes too long to respond, usually due to network instability or high server load. Verifying your internet connection is the first step. If connectivity is stable, the issue is likely server-side and retrying after a short wait should resolve it.

What happens if I delete my passkey on my device but not in the account settings?#

Deleting a passkey client-side, such as from iCloud Keychain or Google Password Manager, without also removing it in the relying party's account settings causes 'no matching passkey' errors. The server still holds the public key and expects the credential, so both client-side and server-side deletion are required before registering a new passkey.

See what's really happening in your passkey rollout.

Start Observing

Share this article

LinkedInTwitterFacebook

Related Articles

passkeys product managers

Passkey Bible for Product Managers

Robert - May 22, 2023

how to enable passkeys macos

How to Enable Passkeys on macOS

Max - September 19, 2024

How to Enable Passkeys on Android

How to Enable Passkeys on Android

Janina - May 21, 2024

how to enable passkeys window

How to Enable Passkeys on Windows

Max - September 19, 2024

How to enable passkeys ios

How to Enable Passkeys on iOS

Janina - May 21, 2024

share passkeys apple

How to Share Passkeys via AirDrop & Shared Groups on Apple

Janina - November 20, 2023

Table of Contents