How to Set Up Passkeys: Complete Guide for Google, Apple, and Microsoft (2026)

After the 16 billion password leak in January 2026, passkeys have gone from "nice to have" to essential. Unlike passwords, passkeys can't be phished, can't be leaked in data breaches, and don't require you to remember anything.

This guide walks you through setting up passkeys on every major platform — step by step.

What Are Passkeys and Why Do They Matter?

Passkeys replace passwords with cryptographic key pairs:

• Private key: Stored securely on your device (phone, computer, security key)
• Public key: Stored on the service (Google, Apple, etc.)

When you sign in, your device proves it has the private key without ever sending it. This means:

Password Problems	Passkey Solutions
Can be stolen in data breaches	Private key never leaves your device
Can be phished	Cryptographically bound to the real site
Must be remembered	Biometrics (fingerprint, face) unlock it
Often reused across sites	Unique for every account
Can be guessed or brute-forced	Requires physical device access

Before You Start: Requirements

Device Requirements

Apple Devices:

• iPhone with iOS 16 or later
• iPad with iPadOS 16 or later
• Mac with macOS Ventura or later
• iCloud Keychain enabled

Android Devices:

• Android 9 or later (Android 14+ recommended)
• Google Password Manager or third-party passkey manager
• Screen lock enabled

Windows:

• Windows 10 or later
• Windows Hello configured (PIN, fingerprint, or face)

Security Keys (Optional but Recommended):

• FIDO2-compatible keys (YubiKey 5, Google Titan, Feitian)
• USB-A, USB-C, or NFC connection

Setting Up Passkeys: Google Account

Google was among the first to support passkeys and now encourages them as the default sign-in method.

Step 1: Access Passkey Settings

1. Go to myaccount.google.com/signinoptions/passkeys
2. Sign in with your current password (last time you'll need it!)
3. Click "Create a passkey"

Step 2: Choose Your Device

On iPhone/iPad:

• Safari will prompt to save the passkey to iCloud Keychain
• Authenticate with Face ID or Touch ID
• The passkey syncs across all your Apple devices

On Android:

• Chrome will prompt to save to Google Password Manager
• Authenticate with fingerprint or screen lock
• The passkey syncs across your Android devices

On Windows:

• Choose Windows Hello
• Authenticate with your PIN, fingerprint, or face
• The passkey is stored in Windows

Using a Security Key:

• Select "Use another device"
• Insert your security key and tap when prompted
• The passkey is stored on the physical key

Step 3: Test Your Passkey

1. Sign out of your Google account
2. Go to accounts.google.com
3. Enter your email
4. Select "Use passkey" instead of entering password
5. Authenticate with biometrics

Step 4: Create Backup Passkeys

Critical: Create passkeys on multiple devices:

• Your phone (primary)
• A hardware security key (backup)
• A family member's device (emergency)

If you lose your only passkey device, recovery can be difficult.

Setting Up Passkeys: Apple ID

Apple integrates passkeys deeply into iOS and macOS through iCloud Keychain.

Step 1: Ensure iCloud Keychain Is Enabled

On iPhone/iPad:

1. Settings → [Your Name] → iCloud
2. Tap "Passwords and Keychain"
3. Enable "Sync this iPhone/iPad"

On Mac:

1. System Settings → [Your Name] → iCloud
2. Click "Passwords & Keychain"
3. Enable syncing

Step 2: Create Passkey for Apple ID

1. Go to appleid.apple.com
2. Sign in and go to Sign-In and Security
3. Select "Passkeys"
4. Click "Add Passkey"
5. Authenticate with Touch ID, Face ID, or device passcode

Step 3: Using Passkeys on Apple Devices

When signing into apps or websites that support passkeys:

1. Tap the username field
2. Your device suggests the saved passkey
3. Authenticate with biometrics
4. You're signed in — no password needed

Setting Up Passkeys: Microsoft Account

Microsoft supports passkeys for personal accounts and is rolling out to enterprise.

Step 1: Access Security Settings

1. Go to account.microsoft.com/security
2. Sign in with your current credentials
3. Click "Advanced security options"

Step 2: Add Passkey

1. Find "Ways to sign in or verify"
2. Click "Add a new way to sign in"
3. Select "Face, fingerprint, PIN, or security key"

Windows Hello Option:

• Choose "Use Windows Hello"
• Authenticate with your existing Windows Hello method
• Passkey is created and stored locally

Security Key Option:

• Choose "Security key"
• Insert your FIDO2 key
• Follow the prompts to set up

Step 3: Sign In with Passkey

1. Go to any Microsoft sign-in page
2. Click "Sign-in options"
3. Select "Face, fingerprint, PIN, or security key"
4. Authenticate

Setting Up Passkeys: Other Popular Services

GitHub

1. Go to Settings → Password and authentication
2. Click "Add a passkey"
3. Choose your authentication method
4. Name your passkey (e.g., "iPhone 15", "YubiKey")

Amazon

1. Go to Your Account → Login & security
2. Find "Passkey" section
3. Click "Set up"
4. Authenticate with your device

PayPal

1. Go to Settings → Security
2. Click "Passkeys"
3. Select "Create a passkey"
4. Complete biometric verification

LinkedIn

1. Go to Settings → Sign in & security
2. Select "Passkeys"
3. Click "Add passkey"
4. Authenticate

Hardware Security Keys: Extra Protection

For maximum security, use a hardware security key as one of your passkey devices.

Recommended Security Keys (2026)

Key	Price	Best For
YubiKey 5 NFC	$50	Most users (USB-A + NFC)
YubiKey 5C NFC	$55	USB-C devices
Google Titan	$30	Budget option
YubiKey Bio	$90	Fingerprint on the key

Setting Up a Security Key

1. Insert the key into USB or tap via NFC
2. When creating a passkey, select "Security key"
3. Touch the key when it blinks
4. Name the key (e.g., "Blue YubiKey - Backup")

Best Practice: The 2-Key Rule

• Keep one key on your keychain (daily use)
• Store a backup key in a secure location (home safe, bank deposit box)
• Register both keys with all your important accounts

Passkey Management Tips

Organizing Multiple Passkeys

Most services show you a list of registered passkeys. Name them clearly:

• "iPhone 15 Pro - Primary"
• "MacBook Air - Work"
• "YubiKey Blue - Backup"
• "Wife's iPhone - Emergency"

Cross-Platform Passkeys

Passkeys created on one platform can sometimes be used on others:

Created On	Can Use On
iPhone (iCloud)	Any Apple device signed into same Apple ID
Android (Google)	Any Android signed into same Google account
Windows Hello	That specific Windows device only
Security Key	Any device with USB/NFC

For true portability, security keys are the best option.

What If You Lose Your Device?

Lost iPhone:

• Passkeys sync via iCloud Keychain to other Apple devices
• Use another Apple device or your backup security key
• Remote wipe the lost device via Find My

Lost Android:

• Passkeys sync via Google Password Manager
• Use another Android device or security key
• Remote wipe via Find My Device

Lost Security Key:

• This is why you need a backup key
• Use your phone's passkey to sign in and remove the lost key

Transitioning from Passwords

You don't have to go all-in immediately. Here's a gradual approach:

Week 1: Critical Accounts

• Email (Google, Microsoft, Apple)
• Password manager
• Banking (if supported)

Week 2: Financial

• Investment accounts
• Shopping (Amazon, etc.)
• Payment services (PayPal)

Week 3: Social & Work

• Social media
• Work accounts (if IT allows)
• Developer tools (GitHub, etc.)

Week 4: Everything Else

• Enable passkeys wherever offered
• Keep strong, unique passwords for sites without passkey support

Sharing Accounts Securely During Transition

While transitioning, you may still need to share some credentials with family or colleagues. Never share via:

• Text messages (stored on servers)
• Email (searchable, often unencrypted)
• Chat apps (backed up to cloud)

Instead, use secure, expiring channels. Services like LOCK.PUB let you create password-protected notes that self-destruct after viewing — the credential can never be retrieved again.

Common Passkey Questions

Can I use passkeys and passwords together?

Yes. Most services let you keep both. Passkeys are tried first, with password as fallback.

What happens if I lose all my passkey devices?

This is why backups matter. If you lose everything:

• Use account recovery (usually email/phone verification)
• Some services allow trusted contacts to verify you
• Hardware security key backups prevent this scenario

Are passkeys supported everywhere?

Not yet, but adoption is accelerating. As of 2026:

• All major platforms (Google, Apple, Microsoft) ✓
• Most major services (Amazon, PayPal, GitHub) ✓
• Many banks are still rolling out support
• Some legacy systems may take years

Can someone steal my passkey from my phone?

They would need:

• Physical access to your phone
• Your face/fingerprint/PIN to unlock
• The passkey can't be exported or copied

This is dramatically harder than stealing a password.

The Bottom Line

After 16 billion passwords leaked in a single month, the message is clear: passwords are a liability. Passkeys offer:

• No more phishing — cryptographically impossible
• No more breach exposure — nothing to leak
• No more forgetting — biometrics handle it
• No more password reuse — unique by design

Take 30 minutes today to set up passkeys on your most critical accounts. Start with Google, Apple, or Microsoft — then expand from there.

The future is passwordless. Get there before the next breach.

Share credentials securely during your transition →