Passwords have a fundamental problem. People reuse them, forget them, choose weak ones, and get tricked into handing them to fake websites. Two-factor authentication helps, but it adds friction. Passkeys solve all of this at once. They replace passwords entirely with a more secure, faster, and significantly harder to steal alternative that works through the Windows Hello authentication you already use to unlock your PC. This guide explains what passkeys are, how they work in Windows 11, and how to create and use one on a website that supports them.
What Are Passkeys?
A passkey is a cryptographic credential that replaces your password for a specific website or app. When you create a passkey, two keys are generated: a public key that is stored on the website's servers, and a private key that is stored securely on your device, protected by Windows Hello. When you sign in, the website sends a challenge that only your private key can answer. Your device uses Windows Hello to verify that it is you, the private key responds to the challenge, and you are signed in without ever typing a password.
The private key never leaves your device. Even if a website's database is breached, the hackers only get the public key, which is useless without your private key and your Windows Hello authentication. Passkeys are also phishing-resistant by design. They are tied to the exact domain of the website they were created for, so even if you are tricked into visiting a convincing fake login page, your passkey simply will not work there.
In practical terms, signing in with a passkey on Windows 11 means visiting a website, entering your username or email, and then confirming your identity with your face, fingerprint, or PIN through a Windows Hello prompt. No password to remember, no two-factor code to enter from your phone.
What You Need
To use passkeys in Windows 11 you need Windows 11 version 22H2 or later. You also need Windows Hello configured with at least one sign-in method. This can be a PIN, fingerprint recognition, or facial recognition. A PIN is the minimum requirement since not every PC has a fingerprint reader or compatible infrared camera.
If Windows Hello is not yet set up on your PC, open Settings with Windows key + I, go to Accounts, then Sign-in options, and set up a PIN as the starting point. Biometric options appear here too if your hardware supports them.
Passkeys also need to be supported by the website or app you want to sign into. Major services that currently support passkeys include Google, Microsoft, Apple, GitHub, PayPal, Adobe, LinkedIn, X, Amazon, and many others. The number of supported services grows regularly.
How to Create a Passkey on a Website
The process is broadly similar across all websites, though the exact location of the setting varies. Here is how it works using a Google account as an example, since Google is one of the most widely used services with passkey support.
Step 1: Go to the Passkey Settings on the Website
Sign into your Google account at myaccount.google.com. Go to Security in the left sidebar. Scroll down to the section called How you sign in to Google and click Passkeys and security keys. Google may ask you to verify your identity with your current password before continuing.
Step 2: Create the Passkey
Click Create a passkey. Google shows you a summary of what the passkey will be created for. Click Continue.
Step 3: Confirm With Windows Hello
Windows immediately shows a Windows Security prompt asking you to verify your identity using Windows Hello. Use your face, fingerprint, or PIN depending on what is configured on your device. After you authenticate successfully, the passkey is created and stored on your Windows 11 PC.
A confirmation message appears telling you the passkey has been saved. The passkey is now linked to your Google account and stored securely on your device.
How to Sign In Using a Passkey
Once a passkey exists for a website, signing in is straightforward.
Go to the website's login page and enter your username or email address. Instead of being prompted for a password, the site will prompt you to use your passkey or show a Windows Security dialog automatically. If the site gives you a choice, select the passkey or Windows Hello option. The Windows Hello prompt appears. Authenticate with your face, fingerprint, or PIN. You are signed in immediately.
If you are on a site that still shows the password field by default, look for a Sign-in options link or a Use passkey option near the login form. Most sites that support passkeys offer it as an alternative option rather than replacing the password field entirely.
Where Windows 11 Stores Your Passkeys
Windows 11 stores passkeys locally on your device, protected by Windows Hello and the Trusted Platform Module security chip. To view and manage all the passkeys saved on your PC, open Settings with Windows key + I, go to Accounts, and click Passkey settings. This page lists every passkey you have created, showing the website name and the account it is associated with.
To delete a passkey, click the three-dot menu next to it and select Delete passkey. Deleting a passkey from Windows does not automatically remove it from the website. If you want to fully remove it, you should also go to that website's security settings and delete the passkey there.
Using Passkeys Across Multiple Devices
By default, a passkey created on one Windows 11 PC is tied to that device. If you want to sign in using a passkey on a different computer, you have a few options.
The most convenient option is to save passkeys to a synced credential manager. In Windows 11 25H2, Microsoft Password Manager integrated with Edge can sync passkeys across your devices. When creating a passkey, you can choose to save it to Edge's password manager rather than just the local device, making it available on any device where you are signed into Edge with your Microsoft account.
Windows 11 also now supports third-party passkey managers including Bitwarden and 1Password. These apps integrate with the Windows passkey system through a plugin model. Once a supported password manager is installed and configured, it appears as an option when you create or use a passkey, letting you store and sync passkeys through your preferred app across all platforms including iPhone and Android.
For one-off situations where you want to sign in on someone else's PC using a passkey stored on your phone, you can use cross-device authentication. The browser on the unfamiliar PC shows a QR code. You scan it with your phone and approve the sign-in using your phone's biometrics. Bluetooth is used to verify that you are physically nearby, preventing remote attackers from using this method.
Passkeys vs Passwords: A Quick Comparison
| Feature | Passkeys | Passwords |
|---|---|---|
| Risk of being stolen in a breach | No, private key never leaves your device | Yes, websites store password hashes that can be cracked |
| Phishing resistance | Yes, tied to exact website domain | No, can be entered on fake websites |
| Need to remember anything | No | Yes |
| Two-factor authentication needed | No, built-in | Often yes, as an extra layer |
| Works across devices | Yes, with synced credential manager | Yes |
| Supported everywhere | Growing, not universal yet | Universal |
| Setup required | Yes, once per website | Yes, once per website |
Final Thoughts
Passkeys are not a distant future technology. They work today on dozens of major websites and services, and they require nothing more than what is already on your Windows 11 PC. If you use Windows Hello to unlock your PC, you already have everything needed to start replacing passwords with passkeys. The practical experience is fast, the security is genuinely better than passwords plus two-factor authentication combined, and managing them is straightforward through Settings. Starting with one or two frequently used accounts like Google or your Microsoft account is the easiest way to see how the experience feels before gradually replacing more passwords as you encounter sites that support it.
Frequently Asked Questions
Do passkeys work on Windows 10?
Basic passkey support exists on Windows 10 through supported browsers, but the full integrated experience including the native Windows passkey management page in Settings and the plugin model for third-party password managers is only available on Windows 11. Windows 11 version 22H2 or later gives the best experience.
What happens if I lose my PC? Can someone use my passkeys?
No. Passkeys stored on your Windows 11 PC are protected by Windows Hello and the Trusted Platform Module hardware chip. Without successfully authenticating with your face, fingerprint, or PIN, no one can use your passkeys. Even if someone physically stole your device, they cannot access your passkeys without bypassing Windows Hello.
Can I use a passkey created on my PC to sign in on my phone?
Yes, using two methods. If you save passkeys to a synced credential manager like Microsoft Password Manager through Edge or a third-party app like Bitwarden, those passkeys sync to your phone through the manager's cloud. Alternatively, you can use cross-device authentication, where your phone scans a QR code shown by the browser on another device and approves the sign-in using Bluetooth proximity verification.
Which websites support passkeys?
Major services supporting passkeys include Google, Microsoft, Apple, GitHub, PayPal, Adobe, LinkedIn, X, Amazon, WhatsApp, and many others. A regularly updated directory of passkey-compatible services is available at passkeys.directory, which lists supported websites and apps.
Is a passkey the same as a PIN?
No. Your Windows Hello PIN is used to unlock your device and authenticate to use your passkeys. The passkey itself is a separate cryptographic credential created for a specific website or app. The PIN is one of the ways Windows Hello verifies it is you before allowing the passkey to be used, but the two are distinct things.
Discussion (0)
Be the first to comment.