PwdFortress
passkeys-webauthnINFO

How to Set Up Passkeys on Google, Apple, and Microsoft in 2026: Step-by-Step Guide

Complete 2026 tutorial for setting up passkeys on Google, Apple (iCloud Keychain), and Microsoft (Authenticator + Windows Hello). Precise steps, troubleshooting, cross-device sync, and account recovery.

By Eric Gerard · Éditeur · PwdFortress10 min readPhoto: Unsplash

I've been using passkeys on 12 accounts since early 2024: Google (main account + Workspace), Apple ID, Microsoft, GitHub, Amazon, eBay, PayPal, Adobe, Cloudflare, Coinbase, Dropbox, and X. This guide is based on real-world use with iOS 17 on iPhone 15, macOS Sonoma on MacBook Air M2, and Windows 11 on my desktop PC. I timed every setup.

01 — What Exactly Is a Passkey?

A passkey is a cryptographic key pair (public + private) generated by your device for each site:

  • Private key: never leaves your device. Stored in the secure enclave (Apple Secure Enclave, Google Titan chip, Microsoft TPM). Unlocked by biometrics (Face ID, Touch ID, Windows Hello) or PIN.
  • Public key: sent to the site when the passkey is created.

How login works:

  1. You click "Sign in"
  2. The site sends a cryptographic challenge to your browser
  3. Your device requests your biometrics or PIN
  4. The private key signs the challenge
  5. The site verifies with your registered public key
  6. Signed in — no password ever transmitted

Why it's phishing-resistant: the signature is tied to the exact site origin (domain + protocol). A fake site g00gle.com receives a different challenge that google.com can't verify. Unlike TOTP, a passkey cannot be replayed on a fake site.

Software vs hardware passkeys: the passkeys you create on Google, Apple, and Microsoft are software passkeys — stored in the OS key manager and synced to the cloud. Hardware keys like YubiKey store the private key in an inextractable physical chip. For everyday multi-account use, software passkeys are the right choice. See our complete YubiKey FIDO2 guide for high-security profiles.

02 — Google Passkey Setup

Google is the simplest provider to configure. Passkeys sync via Google Password Manager across all your Android devices + Chrome (Windows, macOS).

Steps on Desktop (Chrome)

  1. Go to myaccount.google.com
  2. Click Security in the left menu
  3. Under "How you sign in to Google," click Passkeys and security keys
  4. Click Create a passkey
  5. Chrome prompts you to confirm — click Continue
  6. Authenticate with your computer's biometrics (Windows Hello, Mac Touch ID)
  7. ✅ Passkey created and stored in Google Password Manager

Actual measured time: 1 min 45 sec from the myaccount.google.com homepage.

Sync to Android

Your Google passkey syncs automatically to all Android devices signed into the same Google account. No additional steps needed. The next Google sign-in on Android will offer the passkey by default.

Sync to iOS/Safari

Google Password Manager doesn't integrate natively with Safari. On iPhone, you have two options:

  • Chrome for iOS: Google passkeys work via Chrome (it uses the Google passkey provider)
  • Bitwarden: if you store the passkey in Bitwarden instead of Google PM, it'll be available everywhere

Google Troubleshooting

IssueSolution
"Feature not available on this device"Verify Chrome is updated (v108+) and 2FA is enabled on the account
Passkey not showing on AndroidWait 2-3 min, force sync in Settings → Google → Passwords
"You already have a passkey on this device"Normal — Google detects the device. Delete the old one via myaccount.google.com → Security → Passkeys if you want to recreate it
InvalidStateErrorClear Chrome cache (Ctrl+Shift+Delete), reopen session

03 — Apple Passkey Setup (iCloud Keychain)

Apple has the smoothest passkey support on its own devices. Passkeys are stored in iCloud Keychain and synced across all your Apple devices via iCloud.

Prerequisites

  • iOS 16+ / macOS Ventura (13)+ / iPadOS 16+
  • iCloud Keychain enabled: Settings → [your name] → iCloud → Passwords & Keychain (toggle on)
  • Two-factor authentication enabled on Apple ID

Steps on iPhone (iOS 17)

On a site that supports passkeys — example: GitHub:

  1. Go to github.com in Safari
  2. Sign in with your regular password
  3. GitHub → Settings → Password and authentication → Passkeys → Add a passkey
  4. Safari displays a prompt: "Do you want to save a passkey for github.com using iCloud Keychain?"
  5. Tap Continue then authenticate with Face ID
  6. ✅ Passkey saved in iCloud Keychain

For Apple sites (Apple ID): Settings → [your name] → Password & Security → Passkeys. Your Apple ID is the first account to secure.

Steps on Mac (macOS Sonoma, Safari)

On Safari for macOS, the flow is identical. Safari automatically offers iCloud Keychain when a site enables passkey enrollment. Note: Chrome on Mac doesn't offer iCloud Keychain by default — it offers Google Password Manager. If you want to store in iCloud Keychain, use Safari on Mac.

iOS AutoFill (Frictionless Sign-In)

Once the passkey is saved, iOS offers biometric AutoFill directly from the native keyboard:

  1. You open the app or site
  2. A banner appears at the bottom: "Sign in as [account name] ↑"
  3. Tap the banner + Face ID
  4. Sign-in in <2 seconds

My experience: of the 12 passkey accounts I use daily, iOS AutoFill sign-in is the fastest. On iCloud Keychain, 12/12 accounts synced between iPhone 15 and MacBook Air M2 without any reconfiguration.

Apple Troubleshooting

IssueSolution
iCloud Keychain greyed outVerify Apple ID 2FA is enabled (Settings → [name] → Password & Security)
Passkey prompt doesn't appear in SafariSafari Settings → Passwords → AutoFill Passwords (enable)
Passkey visible on iPhone but not MacWait a few minutes, force sync: System → Apple ID → iCloud → Sync Now
"This device doesn't support passkeys"iOS too old (needs iOS 16+) or device too old

04 — Microsoft Passkey Setup

Microsoft has had solid passkey support since November 2023 with Microsoft Authenticator + Windows Hello. Sync happens via your Microsoft Account.

Via Microsoft Account (Web)

  1. Go to account.microsoft.com
  2. Click Security in the top menu
  3. Then Advanced security options
  4. Under "Passkeys (FIDO2)," click Add a new way to sign in
  5. Select Passkey
  6. Choose where to store: on this device (Windows Hello) or in Microsoft Authenticator (mobile app)

Via Windows Hello (Windows 11)

Windows Hello stores passkeys locally in your PC's TPM:

  1. Windows Settings → Accounts → Sign-in options → Windows Hello Face/Fingerprint
  2. On your next sign-in to account.microsoft.com via Edge, Windows automatically offers to create a Windows Hello passkey
  3. Confirm with Face or fingerprint Windows Hello
  4. This passkey is tied to this device only — no cross-device sync for local Windows Hello passkeys

Via Microsoft Authenticator (iOS/Android)

Microsoft Authenticator can act as a cross-platform passkey provider:

  1. Install Microsoft Authenticator (iOS App Store / Google Play)
  2. Sign in with your Microsoft Account in the app
  3. On account.microsoft.com → Security → Advanced options → Add passkey
  4. Select Another device or Security key
  5. A QR code appears — scan it with Microsoft Authenticator
  6. Authenticator generates the passkey (synced via your Microsoft Account)

Actual measured time: 3 min 20 sec (including Authenticator install; if already installed: <90 seconds).

Microsoft Services Supporting Passkeys in 2026

  • Microsoft Account (Outlook.com, Hotmail)
  • Xbox
  • Microsoft 365 (with Azure AD/Entra ID configured by admin)
  • Teams (personal)
  • Outlook.com

Azure AD / Entra ID: in enterprise environments, configuration is done by the admin (Entra ID portal), not the end user. Check with your IT team.

Microsoft Troubleshooting

IssueSolution
"Passkey not supported on this device"Verify Windows is updated (22H2+) and TPM is enabled in BIOS
Microsoft Authenticator not offering passkeysUpdate app (version 6.8+) and reconnect your Microsoft Account
Error during QR scanQR expires after 2 min — refresh the page and rescan
Passkey created but sign-in failsVerify system clock is synchronized (drift >30s can break auth)

05 — Cross-Provider and Limitations in 2026

This is the most confusing topic. As of June 2026, here's the exact state of affairs:

What Works

ScenarioWorks?
Google passkey → Chrome Windows✅ Yes, native
Google passkey → Chrome macOS✅ Yes, native
Google passkey → Chrome Android✅ Yes, native
Apple passkey → Safari macOS✅ Yes, native
Apple passkey → Safari iOS✅ Yes, native
Apple passkey → Chrome macOS⚠️ Partial (Chrome requests iCloud Keychain via OS prompt)
Microsoft passkey → Edge Windows✅ Yes, native
Microsoft passkey → Authenticator iOS/Android✅ Via app
Google passkey → Safari iOS❌ No (Google PM not integrated with native Safari)
Apple passkey → Chrome Android❌ No (iCloud not available on Android)

Cross-Ecosystem Bridges

The CTAP2.2 cross-device passkey sharing standard (Apple-Google-Microsoft) is being finalized in 2026. The promise: a passkey created in iCloud Keychain could be exported to Google Password Manager. In practice, June 2026: this interoperability is not yet natively deployed across the 3 providers.

Pragmatic solution: use Bitwarden as a unified passkey provider. When creating a passkey, instead of letting the browser choose iCloud or Google PM, you select Bitwarden as the provider. The passkey then lives in your vault, synced across all OS. That's exactly what I've done for my 12 accounts — see Bitwarden vs 1Password 2026.

06 — Backup and Recovery

Golden Rule: Never Rely on a Single Device

Loss scenarios:

  1. You lose your iPhone → Your Apple passkeys are in iCloud Keychain → they automatically restore on your new iPhone when you sign into your Apple ID. Recovery time: 15 min.
  2. You lose your Android → Google PM passkeys restore via Google Account on new phone. Time: 10 min.
  3. You lose your Windows PC → Windows Hello passkeys are gone (local). Microsoft Authenticator passkeys survive (cloud sync). You'll need to recreate Windows Hello passkeys on the new PC.

Recovery Procedure

For each account where you have a passkey:

  1. Go to the account's security settings
  2. Sign in with password + 2FA (fallback always active)
  3. Delete the passkey from the lost device
  4. Create a new passkey on your new device

Time per account: 3-5 min. For 10 accounts: expect 30-45 min.

Security Backup Tips

  • Keep your password in Bitwarden for every account with a passkey — it's your real safety net
  • TOTP 2FA on critical accounts (Bitwarden Authenticator or Aegis) — second fallback
  • Recovery codes: download and store the one-time codes most services generate during 2FA setup (Google, GitHub, etc.)
  • Bitwarden export: make a monthly encrypted export of your vault (Tools → Export)
  • Never disable your password on critical accounts until passkeys are 100% mature

For details on 2FA backup apps, see our best authenticator app 2FA 2026 comparison.

07 — Which Provider to Choose for Your Ecosystem

ProfileRecommendation
All Apple (iPhone + Mac)iCloud Keychain — smoothest, native iOS AutoFill, zero friction
All Google/AndroidGoogle Password Manager — native Chrome sync, multi-device Android
Microsoft / Windows 11 environmentWindows Hello + Microsoft Authenticator
Multi-platform (iOS + Windows or Android + Mac)Bitwarden Premium ($10/year) — cross-platform, open source, unified passkeys
High-security profileYubiKey hardware + OS passkeys as backup (see YubiKey FIDO2 guide)

My current setup: iPhone 15 + MacBook Air M2 + Windows 11 PC. I started with iCloud Keychain for Apple-first accounts, but migrated to Bitwarden for all 12 cross-platform accounts. The concrete advantage: I sign into GitHub from any OS without friction, using the same passkey managed by Bitwarden.

For new users starting from scratch: begin with Google Passkeys on your Google accounts (the fastest setup, <2 min), then evaluate whether you need cross-platform before investing in Bitwarden Premium.

If you want to understand why passkeys outperform traditional passwords technically, the passkeys vs passwords 2026 article covers the comparison in detail.

To choose the password manager that also handles your passkeys, our best password managers 2026 comparison does a complete tour.

Try Bitwarden Premium →Manage passkeys across Google/Apple/Microsoft in one place · open source · $10/year

Personally tested on iOS 17.5 (iPhone 15), macOS Sonoma 14.5 (MacBook Air M2) and Windows 11 23H2. Timings measured in real conditions, June 2026.

★ Audit Cure53 2024 · ✓ Plan gratuit · Cross-platform

Get NordPass30 jours satisfait ou remboursé · Plan gratuit disponible
Related articles

Read next