Q&A: General Understanding

Q: What is a passkey?

A: A passkey is a secure, passwordless login credential that replaces your password. It uses cryptographic keys stored on your device and lets you log in using biometrics (like Face ID or fingerprint), a device PIN, or screen lock.

Q: What is the difference between a passkey and password?

A: Passkeys are phishing-resistant and can’t be reused or leaked like passwords. They’re tied to a specific device and require local authentication, making them more secure.

Q: What is the difference between a passkey and a security key?

A: A security key is the physical hardware device, while a passkey is the FIDO2 credential stored within it. In this example, we're registering passkeys directly onto our Utrust FIDO2 Security Keys, meaning the credentials are stored on the hardware itself. To learn more about Passkeys vs Security Keys, check out this informational resource.

Q&A: Setting Up a Passkey

Q: What devices support passkeys?

A: You can store passkeys on:

• Hardware security keys like tokens, cards, or USB devices
• Smartphones and tablets (Android or iOS)
• Computers (Windows, macOS)
• Password managers

Q: How do I set up a passkey?

A: Setting up passkeys and security keys is incredibly easy, and the time you spend has a huge ROI for your account's security.

• Follow this tutorial we made for step-by-step instructions on how to set up a passkey/security key in Google.
• If you are not using a security key, you may be prompted to “create a passkey” on platforms like Apple and Google. Follow the instructions, and authenticate using the device's Face ID, fingerprint, or PIN.

Q: Do I have to Buy a Security Key to Use a Passkey?

A: You do not necessarily need to buy a security key (like a usb or card) if you are using a smartphone or computer with biometrics. However, hardware tokens (like these from Hirsch/Identiv, HID, and Idemia) offer additional portability, security, and use across work environments. It is highly recommended to secure your accounts with passkeys stored on a physical authentication factor.

Q&A: Using a Passkey or Security Key

Q: Do I need to keep my security key plugged in to stay logged in?

A:  No, you do not need to keep your security key plugged in to stay logged in; the passkey is only used to authenticate the user. After that process is done, and the user is logged in, the physical key can be removed as the passkey is now verified.

Q: How often will I need to use my passkey to log in?

A: Under normal circumstances, meaning you are using the same browser and same computer (and you don't manually clear your cache), you can expect to stay signed in for a long time. Most users will only need to use their passkey again every 1-3 months.

OR WHEN:

1. you sign in on a new browser (edge, chrome, firefox) or a new device (computer, laptop, phone)
2. you manually clear your browsers cookies or history
3. you use private/incognito mode

Even if you log out and log back in, as long as your browser is still trusted (which it is by default) you likely won't be asked to use your passkey again. 

** dependent on security rules set by your administrator

Q:  Can I share a passkey with someone else?

A: No, passkeys are designed to be unique to you and tied to your authentication (token/device, fingerprint, PIN, etc.).

Q&A: Passkey Security

Q: How do passkeys protect my personal data?

A: Passkeys protect your data by using public/private key cryptography. Your private key never leaves your device and cannot be intercepted, making phishing and credential stuffing attacks nearly impossible.

Q: Is it possible to back up my passkey?

A: Yes, and no, when using a cloud-based password manager or your platform’s account system (Google, Apple, Microsoft), your synced-passkeys are typically backed up and encrypted. If you have a device-bound passkey, it is stored on that device alone and is not backed up elsewhere.

Q: Where should I physically keep my security key?

A: Where to keep your security key depends on how you use it. If you only access your account while in the office, then we recommend keeping your key at your desk. If you access your account on your mobile device, or at home, it is best to keep your key on your person. One practical place to keep a security key is on your keychain like with other keys to your home, car, etc. If you are able, having and enrolling multiple keys will also allow you to have one in the office and one with you, wherever you go.

Q&A: Passkey Troubleshooting & Compatibility

Q: Which websites and services support passkeys?

A: Popular services like Google, Apple, Microsoft, PayPal, Amazon, and more have started adding support for passkeys. You can check https://passkeys.directory for an up-to-date list of every site that accepts passkeys.

Q: What should I do if not all my accounts support passkeys?

A: You can continue using passwords or other forms of MFA for those accounts. Many platforms are gradually rolling out passkey support.

At Tx Systems, we are experts on all things passkey.

Check out some of our great resources to learn more on this topic:

• Crash Course: Passkeys & Fido................ Read our technical blog
• How to Set Up Passkeys for Google ....... Read (or watch) this step-by-step tutorial
• FIDO & PKI: A Password-Free Future...... Read our technical blog
• So, What's a Passkey?................................. Read our technical blog
• What is FIDO?............................................... Read our educational resource page
• Our FIDO Line............................................... View products certified by the FIDO Alliance
• 5 Alternatives to YubiKey.......................... Learn about 5 of the best passkeys on the market