A passkey is a public-private key pair stored on your device that replaces a password. The site holds the public key, the private key never leaves your phone or computer, and a biometric or PIN unlocks it for sign-in.

Are passkeys safer than passwords?

Yes. Passkeys are bound to the site's origin, so a phishing site cannot trick you into entering them. The server stores only the public half, so a database breach cannot leak a usable secret.

Can the same passkey work on multiple devices?

Yes, when stored in iCloud Keychain, Google Password Manager, or a synced manager such as 1Password or Bitwarden. Passkeys created on a hardware security key are device-bound and stay on that key.

What happens if I lose my device?

If your passkeys are synced to iCloud Keychain or Google Password Manager, sign in to a new device with your Apple ID or Google account and the passkeys come back. Otherwise, use the site's account recovery flow.

Can I use a passkey on a public computer?

Yes, through the cross-device flow. Scan the QR code shown by the site with your phone, approve the prompt, and you are signed in on the public computer without leaving the passkey behind.

Do passkeys replace two-factor authentication?

A passkey already combines two factors: something you have (the device) and something you are (biometric) or know (PIN). Most sites that support passkeys treat a passkey as both the primary credential and a second factor.

Home
/
Learning Hub
/
Passkeys: Browser Support, Setup, Limitations

Testing

Passkeys: Browser Support, Setup, Limitations

Q: Which browsers support passkeys?

Chrome 108+, Edge 108+, Firefox 122+, Opera 97+, Samsung Internet 21+, and Safari 16.0+ on iOS or 16.1+ on macOS Ventura support passkeys. Internet Explorer and the legacy Android Browser do not support them.

Q: Do passkeys work in Firefox?

Yes. Firefox supports passkeys from Firefox 122 on Windows, macOS, Linux, and Android. On macOS, Firefox can read and write passkeys stored in iCloud Keychain.

Q: How do passkeys work?

The browser uses the Web Authentication API to generate a public-private key pair on your device. To sign in, the site sends a random challenge, the device signs it with the private key, and the site verifies the signature with the stored public key.

Passkeys work in Chrome 108+, Edge 108+, Firefox 122+, Opera 97+, Safari 16.0+ on iOS, and Safari 16.1+ on macOS Ventura. Learn passkey browser support today.

Prince Dewani

May 6, 2026

On This Page

About Passkeys
Browser Support
How They Work
vs Passwords
Setup Guide
Limitations
Citations

A passkey is a FIDO credential built on the Web Authentication API that replaces a password with a public-private key pair stored on your device. It works in Chrome 108+, Edge 108+, Firefox 122+, Opera 97+, Safari 16.0+ on iOS, and Safari 16.1+ on macOS, while Internet Explorer and the legacy Android Browser do not support it.

This guide covers what a passkey is, the browsers that support it, how they work, passkeys vs passwords, setup steps, and known limitations.

What is a passkey?

A passkey is a FIDO Alliance and W3C credential that replaces a password with a public-private key pair. The browser stores the private key on your device behind a biometric or PIN, and the website holds the public key. The pair signs in to the site through the Web Authentication API.

Which browsers support passkeys?

Passkeys work in every modern browser on iOS, macOS, Windows, Android, and ChromeOS. The first stable releases shipped in Chrome and Edge 108, Safari 16, Opera 97, Samsung Internet 21, and Firefox 122.

Loading browser compatibility data...

Passkey compatibility in Chrome

Chrome supports passkeys from Chrome 108 on Windows, macOS, Linux, ChromeOS, and Android 9 or later. On iOS and iPadOS 16+, Chrome stores passkeys in iCloud Keychain or Google Password Manager. Chrome 4 to 107 did not support passkeys.

Passkey compatibility in Edge

Edge supports passkeys from Edge 108 on Windows 10, Windows 11, macOS, Linux, and Android. On Windows 11 22H2 with KB5030310, Edge manages passkeys natively through Windows Hello and the Microsoft account. Edge 12 to 107 did not support passkeys.

Passkey compatibility in Firefox

Firefox supports passkeys from Firefox 122 on Windows, macOS, Linux, and Android. On macOS, Firefox can read and write passkeys stored in iCloud Keychain, and the form autofill UI surfaces a passkey picker when the page sets the webauthn token on the autocomplete attribute. Firefox 2 to 121 did not support passkeys.

Passkey compatibility in Safari

Safari supports passkeys from Safari 16.0 on iOS 16 and iPadOS 16, and from Safari 16.1 on macOS Ventura 13. iCloud Keychain syncs passkeys end-to-end encrypted across signed-in Apple devices. Safari 3.1 through 16.0 on macOS and Safari 3.2 through 15.8 on iOS did not support them.

Passkey compatibility in Opera

Opera supports passkeys from Opera 97 on Windows, macOS, Linux, and ChromeOS, since Opera shares the Chromium engine that landed passkey support in Chrome 108. Opera Mobile picked it up from Opera Mobile 80 on Android. Opera 9 to 96 did not support passkeys.

Passkey compatibility in Samsung Internet

Samsung Internet supports passkeys from Samsung Internet 21 on Android 9 or later. Samsung Pass syncs passkeys across Galaxy phones and tablets that share a Samsung account. Samsung Internet 4 to 19 did not support passkeys.

Passkey compatibility in Android Browser

The legacy Android Browser, frozen at version 4.4 before Chrome for Android took over, does not support passkeys. Android 9 and later expose passkeys through Credential Manager, so use Chrome 108+, Samsung Internet 21+, or Firefox 122+ on modern Android phones.

Passkey compatibility in Internet Explorer

Internet Explorer 5.5 through 11 do not support passkeys, since the browser shipped before the Web Authentication API. Microsoft has retired Internet Explorer; passkey work on Microsoft platforms now lives in Microsoft Edge backed by Windows Hello.

Note: Passkey UI breaks across iOS, Android, Windows Hello, and password managers. Test it on real browsers and OS with TestMu AI. Try TestMu AI free!

How do passkeys work?

Passkeys use public-key cryptography to prove who you are to a website without sending a shared secret over the network. The flow has six stages, governed by the Web Authentication API.

Register: The site calls navigator.credentials.create() and the browser prompts you to use Touch ID, Face ID, Windows Hello, an Android screen lock, or a hardware security key.
Generate a key pair: The platform authenticator generates a public-private key pair tied to the site's origin. The private key never leaves the device.
Send the public key: The browser sends the public key and a credential ID to the site, which stores both with your account.
Sign in: When you return, the site calls navigator.credentials.get() with a fresh random challenge for that session.
Sign the challenge: After you unlock the device with biometric or PIN, the platform authenticator signs the challenge with the private key.
Verify: The site checks the signature against the stored public key. A valid match signs you in without a shared password.

What is the difference between passkeys and passwords?

Passkeys and passwords both prove who you are to a site, but a passkey signs a challenge with a private key while a password is a shared secret that you and the server both know. The table below lays out the trade-offs that matter most for security and recovery.

Dimension	Passkey	Password
Where it is stored	Encrypted in iCloud Keychain, Google Password Manager, a synced manager, or a hardware key	In your head, in a manager, or written down
What the server stores	A public key	A salted hash, or worse, plaintext
Phishing resistance	Bound to the origin; cannot be entered on a fake site	Easy to phish through lookalike domains and fake login pages
Reuse across sites	Unique per site; cannot be reused	Frequently reused, so one breach exposes many accounts
Recovery	Restored from iCloud, Google, or password-manager sync	Reset email, SMS code, or security questions
Sync between devices	End-to-end encrypted sync across signed-in devices	Manual or password-manager sync
Required hardware	Device with a secure element and biometric or PIN	None

How do you set up a passkey in your browser?

Passkey setup is per-site: visit the account settings, choose to create a passkey, then approve it with your device's biometric or PIN. The flow takes under a minute on every supported browser.

Open the site's account settings: Sign in with your existing password and find the security or sign-in section.
Click "Create a passkey": The button label varies (Apple, Google, GitHub, and Microsoft each call it slightly differently).
Approve with biometrics or a PIN: Touch ID, Face ID, Windows Hello, an Android fingerprint, or your screen lock will prompt you to confirm.
Pick a storage location: Choose iCloud Keychain on Apple, Google Password Manager on Android and Chrome, or a third-party manager such as 1Password, Bitwarden, or Dashlane.
Test sign-in: Sign out, then sign back in. The browser autofill UI should surface the passkey without asking for a password.

If the autofill UI does not appear, confirm the site set autocomplete="username webauthn" on its sign-in field and that the browser is Chrome 108+, Edge 108+, Firefox 122+, or Safari 16.1+.

What are the known limitations of passkeys?

Passkeys remove most password problems but bring trade-offs around Linux desktops, cross-ecosystem sharing, and account recovery.

Linux desktop: Linux Chrome and Firefox cannot create platform passkeys. The QR code flow with a phone, or a hardware security key like YubiKey, is the only path on Linux today.
Internet Explorer and legacy Android Browser: Neither supports the Web Authentication API, so users on those browsers cannot sign in with a passkey and need a password fallback.
Cross-ecosystem sharing: A passkey created in iCloud Keychain does not roam to Google Password Manager, and vice versa. Users who switch ecosystems must scan a QR code or recreate the passkey on the new device.
Bluetooth requirement for cross-device: Cross-device passkey flows require Bluetooth Low Energy on both the phone and the laptop for proximity verification, which fails in locked-down enterprise networks that block Bluetooth.
Account recovery: A user who loses every device that holds the passkey, plus the linked iCloud or Google account, loses access. Sites must still expose a separate recovery channel such as email or a recovery code.

In my experience, the trickiest test failure is cross-ecosystem sign-in. A passkey saved in iCloud Keychain on a MacBook does not autofill on a Pixel without a QR code dance, so a QA matrix that only spans Apple devices misses real users who hop between an iPhone, a Windows laptop, and an Android tablet during the same week.

Citations

All passkey version numbers and platform notes in this guide come from these primary sources:

W3C Web Authentication Recommendation: w3.org/TR/webauthn-3
FIDO Alliance Passkeys: fidoalliance.org/passkeys
MDN Web Authentication API: developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
Wikipedia - WebAuthn: en.wikipedia.org/wiki/WebAuthn
Mozilla Firefox 122 Release Notes: firefox.com/firefox/122.0/releasenotes
Apple Developer - Passkeys: developer.apple.com/passkeys
Google Identity - Passkeys: developers.google.com/identity/passkeys
Google Passkey Supported Environments: developers.google.com/identity/passkeys/supported-environments
Microsoft Learn - Support for Passkeys in Windows: learn.microsoft.com/windows/security/identity-protection/passkeys
passkeys.dev Device Support: passkeys.dev/device-support
Chrome Platform Status - WebAuthn: chromestatus.com/feature/5417772188434432

Author

Prince Dewani

Blogs: 8

Prince Dewani is a Community Contributor at TestMu AI, where he manages content strategies around software testing, QA, and test automation. He is certified in Selenium, Cypress, Playwright, Appium, Automation Testing, and KaneAI. Prince has also presented academic research at the international conference PBCON-01. He further specializes in on-page SEO, bridging marketing with core testing technologies. On LinkedIn, he is followed by 4,300+ QA engineers, developers, DevOps experts, tech leaders, and AI-focused practitioners in the global testing community.