What Is a Passkey? Say Goodbye to Passwords
You may have noticed Google, Amazon and other big services asking you to “create a passkey.” Passkeys are a new way to log in that could eventually replace passwords altogether. Here is what they are and why you should care.
What Are Passkeys?
A passkey is a digital key stored securely on your phone, tablet or computer. Instead of typing a password to log in, you verify your identity using something you already do every day - scanning your fingerprint, looking at your phone for Face ID, or entering your device PIN.
Behind the scenes, passkeys use a technology called public-key cryptography. When you create a passkey, your device generates two linked keys. The private key stays on your device and never leaves it. The public key gets sent to the website. When you log in, the website sends a challenge that only your private key can solve. No passwords are ever transmitted, which means there is nothing for a hacker to steal from the website's servers.
The website has a lock (your public key) and only your device holds the matching key (your private key). Even if someone breaks into the website, all they get is a lock without a key - completely useless on its own.
Why You Should Use Them
p@ssw0rd_123! and its dozens of variations. Your fingerprint or face is the key. There is literally nothing to memorise, nothing to write down, and nothing to forget.
Passkeys vs Passwords: A Quick Comparison
| Passwords | Passkeys | |
|---|---|---|
| Can be phished | Yes | No |
| Can be guessed | Yes | No |
| Can be leaked in a breach | Yes | No |
| Need to remember them | Yes | No |
| Syncs across devices | With a manager | Built in |
| Widely supported | Everywhere | Growing fast |
Which Services Support Passkeys?
The list is growing rapidly. As of 2026, you can use passkeys with many of the services you probably use every day, including:
- Google (Gmail, YouTube, Google Drive)
- Apple (iCloud, App Store)
- Microsoft (Outlook, Xbox)
- Amazon
- PayPal
- eBay
- GitHub
Many password managers now support passkeys too, so you can store and manage them alongside your existing passwords during the transition.
How to Create a Passkey
The exact steps vary slightly depending on the service, but the process is generally the same:
- Log into the website or app using your existing password.
- Go to your account settings and look for a security or sign-in section.
- Choose the option to create or add a passkey.
- Your device will ask you to confirm with your fingerprint, face or PIN.
- That is it. Next time you log in, you will use the passkey instead of a password.
For now, yes. Not every website supports passkeys yet, and you will still need passwords as a backup in some cases. Keep your existing passwords strong and stored in a password manager. Think of passkeys as an upgrade you can adopt gradually, one account at a time.
Are Passkeys Really Safe?
Passkeys are significantly safer than passwords. Your private key never leaves your device, so it cannot be stolen from a website's servers. The key is also protected by your device's built-in security - Face ID, Touch ID, Windows Hello, or your screen lock PIN. Even if someone stole your phone, they would still need your biometric or PIN to use your passkeys.
Passkeys are backed by the FIDO Alliance, a consortium that includes Apple, Google and Microsoft. The technology has been designed from the ground up to solve the problems that make passwords vulnerable in the first place.
While passkeys are the future, passwords are not going away overnight. Make sure yours are up to scratch - test your password strength with our free, private checker, or read our password strength tips for practical advice.
Are Your Passwords Ready for the Transition?
While you still need passwords, make sure they are strong. Check yours instantly - 100% private.
Test Password Strength