iOS & iPadOS

Local Authenticator

(create and use passkeys from the local device)

External Authenticator

(create and use passkeys from another device)



The platform authenticators in iOS 16+ and iPadOS 16+ have the following capabilities:

  • creating and using passkeys that are backed up to iCloud Keychain
  • creating and using passkeys on/from another device, such as:
    • an iPhone or iPad signed in to a different iCloud account
    • an Android phone or tablet
    • a FIDO2 security key1

1 On iOS and iPadOS, user verification methods (device PIN, biometric, etc) must already be configured on the security key prior to credential creation

Platform Notes

WebAuthn credentials created using the platform authenticator in iOS/iPadOS 15 and earlier will not not be converted to passkeys but will remain available for the lifetime of the device.

To replace a legacy platform credential with a passkey, start a credential registration ceremony and pass the same user handle ( in the request. iOS/iPadOS will overwrite the legacy credential with a new passkey that will be backed up to iCloud Keychain.