Passkey support on Android and Chrome

Passkeys are created on, saved to, and synchronized across devices through a password manager. For example, passkeys created on a website on Chrome on Android are stored to the Google Password Manager by default, and then synchronized to different environments where Google Password Manager is available, such as Chrome on macOS, Windows, Linux and ChromeOS. The user can choose which password manager to store a passkey to or to authenticate a passkey from depending on the environment. The user's password manager is opaque to the RP (relying party) until a credential is returned.

Google Password Manager

Google Password Manager stores, serves and synchronizes passkeys on Android and Chrome. Google Password Manager is enabled by default as a passkey provider on Android and available for all apps including Chrome and other browsers. Chrome on desktop operating systems (Windows, macOS, Linux and ChromeOS) comes with Google Password Manager support as well.

When a user creates a passkey with Google Password Manager, it's synchronized and end-to-end encrypted. If the first passkey for Google Password Manager is created on desktop, Chrome asks to create a Google Password Manager PIN and it will be used. The user needs to sign in to their Google Account and enter their Android device screen lock or Google Password Manager PIN to decrypt a synced passkey on a new environment.

Chrome asks for a Google Password Manager PIN
Figure 1: A dialog displayed when Chrome asks for a Google Password Manager PIN.

Passkey support on Android

Credential Manager

Android apps support passkeys through the Credential Manager Jetpack library. Credential Manager handles different credential types such as passkeys, passwords and identity federation. Passkeys are supported on devices that run Android 9 (API level 28) or higher. Passwords and Sign in with Google are supported starting with Android 4.4.

On many devices, Credential Manager stores passkeys to Google Password Manager by default. Users can choose other password managers as its passkey providers in the System Settings on Android 14 or higher.

Users can choose a passkey provider in Android System Settings
Figure 2: Users can choose a passkey provider in Android System Settings.

The user can choose to sign in using a passkey stored on another device. For example, when a passkey is stored on an iPhone and the user is trying to sign in on an Android app that doesn't have a passkey on it, the user can choose to "use a different phone or tablet" to show a QR code on the Android device, then scan it using the iPhone and authenticate cross-device.

QR code dialog is displayed for a cross-device passkey sign-in
Figure 3: QR code dialog is displayed for a cross-device passkey sign-in.

Passkey support on Chrome

Chrome on Android, macOS, Windows, Linux and ChromeOS stores and authenticate with passkeys on Google Password Manager by default. Chrome on iOS or iPadOS can store and authenticate with passkeys on Google Password Manager by enabling it in the System Settings.

Touch ID based passkey sign-in on Chrome on macOS
Figure 4: Touch ID based passkey sign-in on Chrome on macOS.

Chrome on all platforms supports cross-device authentication. To use a passkey from your Android or iOS device, select the appropriate option when asked. To learn more about cross-device authentication user experience, read Sign-in with a phone.

Android iOS/iPadOS macOS Windows Linux ChromeOS
Google Password Manager 1 2
Cross-device authentication
Supported, 1 Requires iOS/iPadOS 17 or higher, 2 Requires TPM,

Android

Chrome on Android OS 9 or higher supports passkeys. Passkeys created in Chrome on Android are stored in the Google Password Manager. Google Password Manager syncs passkeys and makes them available on other platforms as well.

On Android 14 or higher, passkeys on Chrome on Android can be created and stored in any password manager that's selected in the System Settings as a passkeys provider.

iOS / iPadOS

Chrome on iOS/iPadOS 16 or higher support passkeys. Passkeys created on iOS/iPadOS are stored to the iCloud Keychain or the Password app by default. Users on iOS/iPadOS 17 or higher can set Chrome as an autofill provider in the System Settings to store passkeys to the Google Password Manager.

macOS

Chrome on macOS supports passkeys. Passkeys created in Chrome on macOS can be stored in the Google Password Manager or in iCloud Keychain (macOS 13.5 or higher). Passkeys in iCloud Keychain are synchronized across the user's Apple devices and can be used by other browsers and apps.

Chrome on macOS can also store passkeys on Chrome profile if the user chooses to, which aren't synchronized to other environments.

Windows

Chrome on Windows that has TPM supports passkeys. Passkeys created in those environments are stored in the Google Password Manager.

If the Windows device doesn't have TPM and is Windows 10 19H1 or higher, Chrome creates passkeys on Windows Hello. Windows Hello stores passkeys locally and does not synchronize them.

Linux

Chrome on Linux supports passkeys. Passkeys created in Chrome on Linux are stored in the Google Password Manager.

ChromeOS

Chrome on ChromeOS supports passkeys. Passkeys created in Chrome on ChromeOS are stored in the Google Password Manager.