Passkeys

Passkeys can now be synced using external providers, and you can create groups to share passwords and passkeys. In managed environments, passkeys support Managed Apple IDs, including syncing via iCloud Keychain, and access controls let people easily restrict how passkeys are shared and synced.

What’s new

Now people can share passwords and passkeys from iCloud Keychain with their trusted contacts. Password manager apps can save and offer passkeys on iOS, iPadOS, and macOS. Enterprises can take advantage of passkeys thanks to Managed Apple ID support for iCloud Keychain. And administrators can manage which devices passkeys sync to using Access Management controls in Apple Business Manager and Apple School Manager.

Watch the latest video

Streamlined sign-in, without passwords

Saving and using a passkey is quick and easy with one-step account creation and sign-in using Face ID or Touch ID. There’s no need to create or manage passwords. Because passkeys are synced with iCloud Keychain, they’re available across Apple devices. You can even use your iPhone to sign in to apps and websites on non-Apple devices.

Next-generation account security

Based on FIDO Alliance and W3C standards, passkeys replace passwords with cryptographic key pairs. These key pairs profoundly improve security.

Strong credentials. Every passkey is strong. They’re never guessable, reused, or weak.

Safe from server leaks. Because servers only keep public keys, servers are less valuable targets for hackers.

Safe from phishing. Passkeys are intrinsically linked with the app or website they were created for, so people can never be tricked into using their passkey to sign in to a fraudulent app or website.

In iCloud Keychain, passkeys are end-to-end encrypted, so even Apple can’t read them. A passkey ensures a strong, private relationship between a person and your app or website.

Works alongside passwords

Since signing in with passkeys uses AutoFill and Face ID or Touch ID for biometric verification, the transition to passkeys is seamless. This lets people use passkeys alongside passwords, so you don’t need to adjust your sign-in page based on credential type. You’ll use the new Authentication Services API to add passkeys, creating sign-in flows that are familiar to users.