When Can Passkeys Be Used?
Learn when passkeys can be used for user authentication, including system requirements, hardware needs, and availability across different platforms.
When Can Passkeys Be Used?#
Passkeys can be used for user authentication when the system meets specific requirements, such as compatible operating systems, necessary hardware like TPM or Secure Enclave, and support from the passkey provider. Typically, passkeys work on modern devices that run updated operating systems and have secure hardware components. Additionally, a WebAuthn server support is required at the relying party.
- Passkeys can be used on modern devices with updated operating systems and secure hardware components.
- A WebAuthn server implementation is required to use passkeys.
- Support from a passkey provider and the availability of Bluetooth are often necessary.
System and Hardware Requirements#
To use passkeys, devices must meet certain system and hardware requirements. These include:
- Operating System Version: Passkeys generally require the latest versions of operating systems, such as iOS 16+, macOS 13+, Android 9+, and Windows 10+. The system should support WebAuthn, the standard that enables passkeys.
- Hardware Requirements: Devices should have a Trusted Platform Module (TPM), Secure Enclave, or Trusted Execution Environment (TEE) to store the passkey securely. These hardware components ensure that the passkey is protected from unauthorized access.
- Bluetooth Availability: Some passkey implementations require Bluetooth to facilitate the communication between devices during the cross-device authentication.
Passkey Providers and Cloud Accounts#
To use passkeys, support from a passkey provider, such as Apple’s iCloud Keychain or Google Password Manager is necessary. These providers store the passkeys in the cloud, allowing users to authenticate across multiple devices. Users must have a registered cloud account with these providers to utilize passkeys. Alternatively, a third-party passkey provider (password manager) like 1Password or Dashlane can also be used.
WebAuthn Server Implementation#
For passkeys to function, the relying party (such as a website or app) must implement a WebAuthn server. This server is responsible for handling the creation, storage, and validation of passkeys during the authentication process. Without a WebAuthn-compliant server, passkeys cannot be used.
Availability Across Platforms#
- Apple Devices: Passkeys are available on Apple devices running iOS 16+ and macOS 13+. The devices must be signed in with an Apple ID and have iCloud Keychain enabled (or use a third-party passkey provider when running on iOS17+).
- Android Devices: Android devices running Android 9+ with Google Play Services enabled can use passkeys through the Google Password Manager (or alternatively a third-party passkey provider when running on Android 14+).
- Windows Devices: Windows 10+ devices with a Microsoft account can use passkeys via the Microsoft Authenticator app or Windows Hello (or via third-party passkey provider).
About Corbado
Corbado is the Passkey Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: which devices, OS versions, browsers and credential managers support passkeys, why enrollments don't turn into logins, where the WebAuthn flow fails and when an OS / browser update silently breaks login, all without replacing Okta, Auth0, Ping, Cognito or your in-house IDP. Two products: Corbado Observe layers observability for passkeys and any other login method. Corbado Connect adds managed passkeys with analytics built in (alongside your IDP). VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert →
Share this article
Table of Contents
Related Terms
Related Articles
