(create and use passkeys from the local device)Supported
(create and use passkeys from another device)Supported
The platform authenticator in macOS Ventura (13) has the following capabilities:
- creating and using passkeys that are backed up to iCloud Keychain
- creating and using passkeys on/from another device, such as:
1 On macOS, user verification methods (device PIN, biometric, etc) must already be configured on the security key prior to credential creation
macOS does not currently support persistent linking of external authenticators for Cross-Device Authentication at the operating system level.
Persistent linking is available between Android devices (authenticator) and Chrome and Edge (clients) on macOS.
When an authenticator is not persistently linked, a QR code must be scanned on every use.
WebAuthn credentials created using the platform authenticator in macOS Monterey (12) and earlier will not be converted to passkeys but will remain available for the lifetime of the device.
To replace a legacy platform credential with a passkey, start a credential registration ceremony and pass the same user handle (user.id) in the request. macOS will overwrite the legacy credential with a new passkey that will be backed up to iCloud Keychain.
Edge: credentials created by Edge are currently device-bound passkeys, are not backed up to iCloud Keychain, and are not available outside of Edge.
Firefox: passkeys are not currently supported in Firefox on macOS. Device-bound passkeys on a FIDO2 security key are supported.
- Apple landing page for passkeys
- About the security of passkeys
- Supporting passkeys
- Supporting device-bound passkeys on security keys
- Sample Code
Last Updated: Oct 23, 2023