Using Passkeys on Mac Computer

Using Passkeys on Mac Computer

Safari 16 removes the "Enable Syncing Platform Authenticator" option from the developer menu.
Apple released the following:
In October, support for passkeys will come to macOS Monterey and macOS Big Sur, as well as macOS Ventura and iPadOS.
Please visit Safari 16 Release Post for more information. 

Device compatibility

  • iOS 15 or later.
  • macOS Big Sur or later.
  • Macs with a T1/T2 security chip or Apple Silicon.

Authenticator Types

There are two types of WebAuthn authenticators: roaming authenticators and platform authenticators.

Roaming Authenticators

Roaming authenticators are like Yubikey or Titan Keys. They are physical security keys that a passkey is saved to. As long as the physical security key can interface with your device, you'll be able to use it with any device running those macOS or iOS versions.
 

 
 
 
 
 
 

Platform authenticators

Platform authenticators are the authenticators that are built into your iOS or macOS device. 
On macOS versions before Ventura (13.0), only devices that have the Touch ID sensor can create a Platform authenticator passkey. This includes all the recent Mac laptops as well as desktop computers using the external Touch ID keyboard. This passkey is saved to the device that you register the passkey on. In other words, if you have a MacBook Pro and a MacBook Air, you would need to register a passkey for each device.
 

 
 
 
 
 
 

iCloud

Now, Apple realized that registering each device separately isn't the ideal solution. Therefore, starting on iOS 16 and macOS Ventura, passkeys will instead always be saved to iCloud and synced to every device that is logged in using the same iCloud account. If you have a separate "work" iCloud and "personal" iCloud, passkeys will not be able to automatically cross that boundary. Instead, you'll need to register a passkey using any device signed into your "work" iCloud and another passkey on any device using your "personal" iCloud.
 

 
 
 
 
 
 
Notice the UI says saving a passkey to iCloud keychain
With iCloud passkeys, users on Mac devices without Touch ID, for instance a Mac Studio, can register platform authenticator passkeys that are saved to iCloud. These passkeys function identically to ones that are created with the Touch ID on a Mac, but have a slightly different UI.
 

 
 
 
 
 
 
Note: While this feature is launching officially with iOS 16 and macOS Ventura, iCloud passkeys can be tested via each platforms' respective developer menu. On macOS this can be done by going to Safari → Develop → Enable Syncing Platform Authenticator. If you do not have the Develop Menu enabled in Safari, you can enable it by going to Safari → Preferences... → Advanced → Show Develop Menu in menu bar.

Google Chrome

Note: We recommend using Safari for the best experience on macOS.
Similarly to Safari, Chrome offers three authentication types. Using a USB security key, an Android or iOS device, or "This Device".
 

 
 
 
 
 
 
USB Security Key is again the Roaming authenticator type.
The mobile device flow uses the QR code method outlined here. Again, for iOS devices at least, this requires the Syncing Platform Authenticator to be enabled. For more information, click here
"This Device" let's you save a passkey to the current device you are using. In that way it functions similarly to how I outlined Platform authenticators work on iOS < 16 and macOS < 13 above. One notable difference is that Touch ID is not required. If your device does not have a Touch ID sensor, you'll be prompted to enter your computer's password. This password is not transmitted to the site you are logging in with, it is only used by Google Chrome to "unlock" your passkey.
So, if you were a Google Chrome user and had multiple macOS devices, you would register a passkey on each device running Google Chrome.
After iOS 16 is released, you could alternatively save the passkey to your iPhone. Then, whenever you'd want to login with Google Chrome, you would go through the QR Mobile Device flow using your iPhone.
Note: The function is very similarly for Anroid users as to how its been outlined for Safari.

Firefox

Firefox only supports Security Keys on macOS devices and do not have "Platform Authenticator" support at this time. We currently recommend using Safari or Google Chrome. 
Have more questions? Submit a request