Passkeys frequently asked questions (FAQ)
Yes, passkeys are designed to replace passwords. You can think of passkeys as the evolution of passwords: instead of remembering (or writing down!) your complex passwords, a passkey is linked to your device (for example, your computer or your phone).
When you want to sign in to a website or application, your device acts like a magic key. No need to type anything, just use your device, and it works! Passkeys are like digital keys that make signing in easier and safer.
Instead of sending a password over the Internet, your device generates a pair of keys: a private key and a public key.
-
The private key is stored securely on your device
-
The public key is registered with the website or application
When you want to sign to the website or application, your device has to prove that it has the private key. After you unlock your private key, your device digitally signs a challenge from the website or application. The website or application verifies the signature using the public key and grants you access.
Yes, passkeys are considered a form of multi-factor authentication. When you use a passkey, you must use a device that stores the passkey (something you have) and unlock it with biographic information or a PIN (something you are, or something you know).
Yes, passkeys are phishing resistant. When they are created, passkeys are associated with the specific domain that the website or app are registered with. A passkey created for netflix.com can only be used with netflix.com. While a user can be tricked into landing on a similar looking website, they can't present their passkey to the malicious website. Their device won't allow it.
Yes, passkeys allow you to use cross device authentication: a passkey might be stored on one device, and you can use it for sign in on another device.
This is handy, for example, when you need to sign in on a new device.
To link your devices together for cross device authentication, you must scan a QR code that's generated on the device where you want to sign in. During this process, a proximity check takes place to ensure that the passkey is only being used for authentication on a link device that's nearby. With this technology, you can rest assured that your passkey can't be used by a remote attacker to gain access from far away.
Here are some possible reasons:
-
To take advantage of the latest passkey features, you must use Windows 11. To verify which version of Windows your device is running, open the Settings app Glyph Library: fluent Glyph Name: SettingsApp > System > About or use the following shortcut:
-
You might have to update your Windows device. To check that your device is up to date, open the Settings app > Update & Security > Windows Update and check the update status and available updates.
-
If your device is registered or managed by your organization (work or school), some passkeys options are unavailable. To check if your device is registered in your organization, open the Settings app > Accounts > Access work or school and verify if your device is connected.
Whether you have positive feedback or concerns about passkeys, we welcome your input. You can submit feedback to Microsoft by opening the Feedback Hub app , and use the category Security and Privacy > Passkey , or use the following shortcut:
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
