iOS & iPadOS
(create and use passkeys from the local device)Supported
(create and use passkeys from another device)Supported
The platform authenticators in iOS 16+ and iPadOS 16+ have the following capabilities:
- creating and using passkeys that are backed up to iCloud Keychain
- creating and using passkeys on/from another device, such as:
- an iPhone or iPad signed in to a different iCloud account, using FIDO Cross-Device Authentication
- an Android phone or tablet, using FIDO Cross-Device Authentication
- a FIDO2 security key1
- using a passkey from the local iOS or iPadOS device to sign into services on another device (such as a laptop or desktop), using FIDO Cross-Device Authentication
1 On iOS and iPadOS, user verification methods (device PIN, biometric, etc) must already be configured on the security key prior to credential creation
iOS and iPadOS support both client and authenticator roles for Cross-Device Authentication (CDA).
iOS and iPadOS devices (as authenticators) do not support persistent linking for Cross-Device Authentication. When an authenticator is not persistently linked, a QR code must be scanned on every use.
WebAuthn credentials created using the platform authenticator in iOS/iPadOS 15 and earlier will not not be converted to passkeys but will remain available for the lifetime of the device.
To replace a legacy platform credential with a passkey, start a credential registration ceremony and pass the same user handle (user.id) in the request. iOS/iPadOS will overwrite the legacy credential with a new passkey that will be backed up to iCloud Keychain.
- Apple landing page for passkeys
- About the security of passkeys
- Supporting passkeys
- Supporting device-bound passkeys on security keys
- Sample Code
Last Updated: Mar 08, 2023