When Can Passkeys Be Used?

Passkeys can be used for user authentication when the system meets specific requirements, such as compatible operating systems, necessary hardware like TPM or Secure Enclave, and support from the passkey provider. Typically, passkeys work on modern devices that run updated operating systems and have secure hardware components. Additionally, a WebAuthn server support is required at the relying party.

---

To use passkeys, devices must meet certain system and hardware requirements. These include:

• Operating System Version: Passkeys generally require the latest versions of operating systems, such as iOS 16+, macOS 13+, Android 9+, and Windows 10+. The system should support WebAuthn, the standard that enables passkeys.
• Hardware Requirements: Devices should have a Trusted Platform Module (TPM), Secure Enclave, or Trusted Execution Environment (TEE) to store the passkey securely. These hardware components ensure that the passkey is protected from unauthorized access.
• Bluetooth Availability: Some passkey implementations require Bluetooth to facilitate the communication between devices during the cross-device authentication.

To use passkeys, support from a passkey provider, such as Apple’s iCloud Keychain or Google Password Manager is necessary. These providers store the passkeys in the cloud, allowing users to authenticate across multiple devices. Users must have a registered cloud account with these providers to utilize passkeys. Alternatively, a third-party passkey provider (password manager) like 1Password or Dashlane can also be used.

For passkeys to function, the relying party (such as a website or app) must implement a WebAuthn server. This server is responsible for handling the creation, storage, and validation of passkeys during the authentication process. Without a WebAuthn-compliant server, passkeys cannot be used.

• Apple Devices: Passkeys are available on Apple devices running iOS 16+ and macOS 13+. The devices must be signed in with an Apple ID and have iCloud Keychain enabled (or use a third-party passkey provider when running on iOS17+).
• Android Devices: Android devices running Android 9+ with Google Play Services enabled can use passkeys through the Google Password Manager (or alternatively a third-party passkey provider when running on Android 14+).
• Windows Devices: Windows 10+ devices with a Microsoft account can use passkeys via the Microsoft Authenticator app or Windows Hello (or via third-party passkey provider).

---