How to use and manage Passkeys in Windows 11
Microsoft has added support for Passkeys in Windows 11 Insider Preview Build 23486. You can use it for a passwordless sign-in experience across apps and websites.
This website lists various services that currently support the protocol. Not all browsers support Passkeys, we will use Gmail and Microsoft Edge in the tutorial below. You will also need to install the Windows 11 Insider Preview Build 23486 (or later) that is available for Dev Channel users.
How to create a Passkey in Windows 11
1. Open your desktop web browser and go to a website that supports Passkeys. e.g. Gmail.
2. Sign in to your account using your password.
3. Head to your account settings, and enable sign in via Passkey. Refer to our guide to learn how to create a Passkey for your Google account.
4. The website will use your Windows Hello credentials for creating the Passkey. This can be your PIN, or biometric options such as your fingerprint ID, or your face (if you're using the camera to sign in).
Note: You can use Passkeys saved on your mobile phone too, when you use the QR code to sign in on your PC, the website will create a Passkey and save it on your computer.
The Passkey that was created is stored securely on your computer, and is available across browsers in Windows 11. It is not transmitted to the website, and since a password is not involved in the authentication process, Passkeys are resistant to phishing attacks. Try signing out of your account, and log in again, this time use the Passkey option, to be precise you may have to select “Windows Hello or external security key”.
You will be able to log in to your account using Windows Hello by using your computer's fingerprint scanner, or webcam or by entering the PIN manually.
I tested the created Passkeys in Edge and Chrome, they worked fine, but they did not work in Firefox which is odd, considering that the browser does support it in the Stable Channel of Windows 11. You may use the Passkeys in apps for online services too, providing that they support it.
What if you want to access the account on another device? For example, you may want to use your account to access your email inbox on your phone. That's quite simple, just login to the website on your desktop browser and create a new Passkey, this time select the "use another device" option, which will display a QR code that you can scan with your phone's camera. This process saves the Passkey on your mobile device, so you now have 2 keys, one on your phone and one on your PC. This may seem tedious, but since Passkeys aren't synchronized between devices or the server (Apple iCloud Keychain is an exception to this), this is the only way to store Passkeys on multiple devices. Speaking of which, iOS 17 will automatically create a passkey for your Apple ID on your iPhone, that's quite convenient.
I lost my device, what do I do to access my account? Don't panic, just sign in with your password normally, and you can remove the Passkey from the lost device remotely. Remember, Passkeys do not replace passwords, so don't worry about losing your account.
How to manage Passkeys in Windows 11
1. Open the Settings app.
2. Click on the Accounts tab in the sidebar.
3. Select Passkey Settings.
This page lists the Passkeys that you have saved on your computer. You may use it to search for any Passkey. Currently, the only option that is available is to delete the saved keys. This may be useful if you want to share the computer with someone else.
Followed it through, setting up for PIN.
I log in with a PIN.
I then open Chrome and log into Google (email and password at the only option).
Google then prompts to enter a PIN to set up a Passkey.
PIN Entered, Google says it already exists.
Back to Windows settings, there is no Passkeys settings.
How does Windows 11 manage to set a Google Passkey that does not function but Google knows it exists?
Passkeys deleted from Google. I understand how to solve password problems and will stick with those. .
“…This process saves the Passkey on your mobile device, so you now have 2 keys, one on your phone and one on your PC. This may seem tedious, but since Passkeys aren’t synchronized between devices or the server (Apple iCloud Keychain is an exception to this), this is the only way to store Passkeys on multiple devices.”
I thought the main appeal of multi-device FIDO credentials (passkeys) over FIDO2 was that they sync between devices. Now they don’t? Is this a case of Microsoft and Google not being willing to work together?
Why is this not a device-independent universal implementation, where passkeys can sync across platforms as long as the device meets the requirements to keep the private key secure (I.E. has secure hardware to support it such as TPM, Secure Enclave, TrustZone, etc.).
As it is, this means we now have vendor lock in – for example, what happens when someone with all their passkeys stored on their Apple devices wants to use Windows or Android instead – does this mean they can’t because they’re locked in to Apple now? Likewise, if someone has an Android phone, drops it in a lake and decides they want to buy an iPhone, all their passkeys are now going to be stuck in their Google account with no way to move them?
“…I lost my device, what do I do to access my account? Don’t panic, just sign in with your password normally, and you can remove the Passkey from the lost device remotely. Remember, Passkeys do not replace passwords, so don’t worry about losing your account.”
It just gets worse. The whole appeal of FIDO is supposed to be that there are no passwords to steal or phish. If people still need to have passwords, then this offers no benefit. What on earth is going on?
Based on the article, all the promised advantages of multi-device FIDO credentials (passkeys) are non existent for those using Windows and Android. FIDO passkeys have gone from what was a promising future for replacing passwords, to a complete unappealing mess. The technology is great, but it is too poorly implemented to gain mainstream support (again) – just like was the case with FIDO U2F and FIDO2.
“stored securely in Windows”
This oxymoron is getting old, but it is just as dangerous as when it was new!
1Password will save your passkey between devices.