Tech Matters: Your guide to passkeys and a passwordless future

By Leslie Meredith - Special to the Standard-Examiner | Nov 9, 2022

The latest security trend is to replace passwords with passkeys, a system designed to make your accounts far more secure than using passwords, regardless of how long or “unguessable” you make them. If you have an iPhone running the latest iOS 16 or iOS 1.1, you can try the new system for yourself.

But what is a passkey? A passkey is a pair of cryptographic keys: one key is public and registered with the app or site you’re logging into, and the other is private and stored on your device. Note that for a passkey system to work, both the device or operating system maker (in this case, we’re talking about Apple, but Google is working on a similar system for Android devices) and each app or website must support passkeys. Because this is a relatively new system, few apps offer a passkey option.

Passkeys are a significantly safer replacement for passwords. They cannot be reused, don’t leak in server breaches and protect users from phishing attacks. Using passkeys is not unlike using passwords, so the transition to a passwordless online experience should be pretty easy.

For the iPhone, passkeys work through the iCloud Keychain, so you must have this enabled on your phone. iCloud is Apple’s cloud service that stores things like photos, notes and other files in the cloud. When enabled, your files are automatically copied to iCloud. To check the status of iCloud on your device, open your phone’s settings, tap on your name and scroll down to “iCloud.” If it’s on, you’ll see how much storage you have and how much you’ve used. You can also see which apps are using iCloud. At the bottom of the app list, you’ll see “Passwords and Keychain”, which should be toggled on.

With iCloud Keychain activated, you can keep your website and app passkeys and passwords, credit card information, Wi-Fi network information and other account information up to date across your iPhone and other Apple devices if you have them, including Mac computers running Ventura and iPads running iPadOS 16. iCloud Keychain is secured with 256-bit AES encryption during storage and transmission, and its data can’t be read by Apple.

You also need to be using two-factor authentication for your Apple ID, a security best practice for all accounts and services. If you haven’t already turned this on, go into your phone’s settings and tap on “Password & Security.” Toggle on “Two-Factor Authentication.” This means you’ll have an extra step when logging into iCloud. Along with your password, you’ll also receive a one-time code on your phone to verify your identity. This works because it uses your physical device to determine you are the one logging in, and it is unlikely that someone who had gained unauthorized access to your login information would also have your phone at hand.

To actually use passkeys, you need to be signing into (or creating a new account for) a service with passkey support. The choice is pretty limited for now, but apps including PayPal, eBay and travel app Kayak are already offering a passkey option. When you create a new account or sign into an existing account that has the passkey option from your iPhone, you’ll be asked if you want to create a passkey.

When the passkey prompt appears, tap “Continue” and you will then be asked to provide Face ID or Touch ID confirmation. With that complete, you’re all set — your passkey has been created. When you need to sign into this app in the future, you’ll need to confirm you want to use a passkey, then use your face or fingerprint again. Because iCloud Keychain handles the syncing of passkeys between different devices, you can get your credentials back if you lose access to one of them. There’s also a recovery process in place to help you get your information back should you lose access to all of your devices at the same time or have a single device. The new system should be more convenient and more secure.

For people who use devices running on Android, the process is similar, although Google is a few steps behind Apple. Google said in a recent statement that both the Android operating system and the Chrome web browser are now compatible with the passkey feature in beta form, meaning it’s still being tested. However, the system should be finalized by the end of this year, Google said.

Further, Google Password Manager is in the process of adding passkey support, so your encrypted logins will be synced everywhere you use your Google account.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness, and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.
