Passkey support on Android and Chrome

Passkeys are created on, saved to, and synchronized across devices through a password manager. For example, passkeys created on a website on Chrome on Android are stored to the Google Password Manager by default, and then synchronized to different environments where Google Password Manager is available, such as Chrome on macOS, Windows, Linux and ChromeOS. The user can choose which password manager to store a passkey to or to authenticate a passkey from depending on the environment. The user's password manager is opaque to the RP (relying party) until a credential is returned.

Google Password Manager

Google Password Manager stores, serves and synchronizes passkeys on Android and Chrome. Google Password Manager is enabled by default as a passkey provider on Android and available for all apps including Chrome and other browsers. Chrome on desktop operating systems (Windows, macOS, Linux and ChromeOS) comes with Google Password Manager support as well.

When a user creates a passkey with Google Password Manager, it's synchronized and end-to-end encrypted. If the first passkey for Google Password Manager is created on desktop, Chrome asks to create a Google Password Manager PIN and it will be used. The user needs to sign in to their Google Account and enter their Android device screen lock or Google Password Manager PIN to decrypt a synced passkey on a new environment.

Chrome asks for a Google Password Manager PIN
Figure 1: A dialog displayed when Chrome asks for a Google Password Manager PIN.

Passkey support on Android

Credential Manager

Android apps support passkeys through the Credential Manager Jetpack library. Credential Manager handles different credential types such as passkeys, passwords and identity federation. Passkeys are supported on devices that run Android 9 (API level 28) or higher. Passwords and Sign in with Google are supported starting with Android 4.4.

On many devices, Credential Manager stores passkeys to Google Password Manager by default. Users can choose other password managers as its passkey providers in the System Settings on Android 14 or higher.

Users can choose a passkey provider in Android System Settings
Figure 2: Users can choose a passkey provider in Android System Settings.

The user can choose to sign in using a passkey stored on another device. For example, when a passkey is stored on an iPhone and the user is trying to sign in on an Android app that doesn't have a passkey on it, the user can choose to "use a different phone or tablet" to show a QR code on the Android device, then scan it using the iPhone and authenticate cross-device.

QR code dialog is displayed for a cross-device passkey sign-in
Figure 3: QR code dialog is displayed for a cross-device passkey sign-in.

Passkey support on Chrome

Chrome on Android, macOS, Windows, Linux and ChromeOS stores passkeys to Google Password Manager. Chrome on iOS or iPadOS stores passkeys to iCloud Keychain by default. On authentication, Chrome suggests signing in with a passkey stored to one of password managers available on Chrome.

Touch ID based passkey sign-in on Chrome on macOS
Figure 4: Touch ID based passkey sign-in on Chrome on macOS.

Chrome on all platforms supports cross-device authentication. To use a passkey from your Android or iOS device, select the appropriate option when asked. To learn more about cross-device authentication user experience, read Sign-in with a phone.

Android macOS iOS/iPadOS Windows Linux ChromeOS
Google Password Manager 1
Cross-device authentication
Supported, Planned, 1 Requires TPM,

Android

Chrome on Android OS 9 or higher supports passkeys. Passkeys generated in Chrome on Android are stored in the Google Password Manager. Google Password Manager syncs passkeys and makes them available on other platforms as well.

On Android 14 or higher, passkeys on Chrome on Android can be created and stored in any password manager that's selected in the System Settings as a passkeys provider.

iOS / iPadOS

Chrome on iOS 16 and iPadOS 16 or higher support passkeys. Passkeys generated in Chrome on iOS and iPadOS are stored in the iCloud Keychain. iCloud Keychain syncs passkeys and makes them available on other Apple devices where the user is signed in with their Apple account.

Windows

Chrome on Windows that has TPM supports passkeys. Passkeys generated in those environments are stored in the Google Password Manager.

If the Windows device doesn't have TPM and is Windows 10 19H1 or higher, Chrome creates passkeys on Windows Hello. Windows Hello stores passkeys locally and does not synchronize them.

macOS

Chrome on macOS supports passkeys. Passkeys generated in Chrome on macOS can be stored in the Google Password Manager or in iCloud Keychain (macOS 13.5 or higher). Passkeys in iCloud Keychain are synchronized across the user's Apple devices and can be used by other browsers and apps.

Chrome on macOS can also store passkeys on Chrome profile if the user chooses to, which aren't synchronized to other environments.

Linux

Chrome on Linux supports passkeys. Passkeys generated in Chrome on Linux are stored in the Google Password Manager.

ChromeOS

Chrome on ChromeOS supports passkeys. Passkeys generated in Chrome on ChromeOS are stored in the Google Password Manager.