{"id":24218,"date":"2025-06-27T12:39:24","date_gmt":"2025-06-27T16:39:24","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/full-guide-to-passkeys-in-2025-part-2\/24218\/"},"modified":"2026-02-26T16:57:39","modified_gmt":"2026-02-26T12:57:39","slug":"full-guide-to-passkeys-in-2025-part-2","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/full-guide-to-passkeys-in-2025-part-2\/24218\/","title":{"rendered":"Passkeys in 2025: tips for power users"},"content":{"rendered":"<p>So far in our <a href=\"https:\/\/www.kaspersky.com\/blog\/full-guide-to-passkeys-in-2025-part-1\/53688\/\" target=\"_blank\" rel=\"noopener nofollow\">comprehensive guide to passkeys<\/a>, we\u2019ve covered how to ditch passwords on popular combinations of Android, iOS, macOS, and Windows smartphones and computers. This post focuses on important specific cases:<\/p>\n<ul>\n<li>One-time sign-ins to your account from someone else\u2019s device<\/li>\n<li>Tips for frequent computer and smartphone switchers<\/li>\n<li>Ways to secure your account when backup password sign-in is enabled<\/li>\n<li>Potential issues when traveling internationally<\/li>\n<li>What happens when using niche browsers and operating systems<\/li>\n<\/ul>\n<h2>How to use passkeys on public or shared computers?<\/h2>\n<p>What if you need to sign in to your passkey-protected account from a library, an airport computer, or a relative\u2019s home? Don\u2019t rush to remember your backup password.<\/p>\n<p>Start the sign-in process on the computer: enter your username and, if prompted, click <strong>Sign in with passkey<\/strong>. A QR code will appear on the screen for you to scan with the smartphone that stores your passkey. If the scan is successful, the QR code will disappear, and you\u2019ll be signed in to your account.<\/p>\n<p>Several factors must align for this seemingly simple process to proceed smoothly:<\/p>\n<ul>\n<li>The computer must support Bluetooth Low Energy (BLE), which verifies that your smartphone and the computer are indeed nearby.<\/li>\n<li>The computer\u2019s operating system and browser must support passkeys.<\/li>\n<li>Both the computer and your smartphone need a reliable internet connection.<\/li>\n<\/ul>\n<h2>How to save passkeys to a hardware security key?<\/h2>\n<p>You might find using passkeys via QR codes inconvenient if you frequently access your accounts from different devices. If that\u2019s the case, you can store your passkeys not on your computer or smartphone, but on a USB hardware security key\u00a0\u2014 such as a YubiKey, Google Titan Security Key, or a similar device\u00a0\u2014 for secure website sign-in. When you create a passkey, just choose to save it to your hardware key. Then you can sign in to your account from any computer or smartphone by plugging in that security token.<\/p>\n<p>Just make sure it has the right combination of ports (USB-A, USB-C, Lightning) or NFC support to work with all your devices. Some token models even include a fingerprint scanner, which provides an extra layer of protection against account hijacking if your device is stolen or lost.<\/p>\n<p>Unfortunately, there\u2019s a catch: many older and popular token models can store a maximum of only 25 passkeys. Only a few advanced models \u2014 like the YubiKey with firmware version 5.7 \u2014 have raised this limit to 100.<\/p>\n<p>Additionally, operating system developers view passkeys as a great opportunity to tie users more closely to their ecosystems. By default, depending on your smartphone, you\u2019ll likely be prompted to save your passkey to either iCloud Keychain or Google Password Manager. As a result, the option to use a hardware security key might be hidden deep within the interface.<\/p>\n<p>To create a passkey on a hardware token, you\u2019ll often need to click the not-so-obvious <strong>Other options<\/strong> link on macOS\/iOS, or <strong>Different device<\/strong> on Android, to select the hardware key option.<\/p>\n<h2>How to transfer passkeys between iOS and Android?<\/h2>\n<p>The biggest headache right now is if you store all your passkeys in your smartphone\u2019s default storage and you want to switch ecosystems \u2014 moving from Android to iOS or vice versa. Currently, none of the three major OS developers \u2014 Google, Apple, or Microsoft \u2014 let you directly transfer passkeys. That\u2019s because no one can guarantee the process will be secure. Both <a href=\"https:\/\/arstechnica.com\/security\/2025\/06\/apple-previews-new-import-export-feature-to-make-passkeys-more-interoperable\/\" target=\"_blank\" rel=\"nofollow noopener\">Apple<\/a> and <a href=\"https:\/\/www.androidauthority.com\/passkey-import-3540069\/\" target=\"_blank\" rel=\"nofollow noopener\">Google<\/a> are working on implementing this feature in the future, but if you decide to swap devices today \u2014 say, from an iPhone to a Google Pixel \u2014 transferring your passkeys won\u2019t be straightforward.<\/p>\n<ul>\n<li>First, you\u2019ll need to sign in to the account protected by a passkey on your new device. You can do this either by using your good old password (if it\u2019s still enabled), or by scanning a QR code with your <em>old device<\/em> that has the active passkey.<\/li>\n<li>Next, you\u2019ll need to create and save a <em>new<\/em> passkey on your <em>new device<\/em>. Yes, you can have multiple passkeys for each website or online service.<\/li>\n<li>Finally, if you plan to get rid of your old gadget, you\u2019ll need to delete the old passkey from it.<\/li>\n<\/ul>\n<p>To avoid this hassle, it\u2019s best to use a third-party password and passkey manager right from the get-go. With <a href=\"https:\/\/me-en.kaspersky.com\/password-manager?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">Kaspersky Password Manager<\/a>, passkey support is already available on Windows, macOS, Android and iOS.<\/p>\n<h2>How to protect an account with a passkey from being hacked using a backup password?<\/h2>\n<p>Most online services that offer to switch to passkeys don\u2019t disable other sign-in methods. If your account was protected by a weak or compromised password before you switched to a passkey, cybercriminals can still bypass your shiny new passkey by simply signing in with that old password.<\/p>\n<p>Creating a passkey for an account that still has a weak password is like installing a bulletproof front door while leaving the flimsy back door unlocked with the key hidden under the mat.<\/p>\n<p>That\u2019s why, before you enable passkeys for any online service, we strongly recommend changing your password as well. Since you won\u2019t be typing this password every day \u2014 it\u2019s just a backup for your passkey-protected account \u2014 you can really go wild with its complexity. We\u2019re talking strong passwords that are 16 characters or longer, and mixing up letters, numbers, and special characters. These are practically uncrackable. Ideally, generate and save that robust password in <a href=\"https:\/\/me-en.kaspersky.com\/password-manager?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">the same password manager<\/a>\u00a0where you\u2019re planning to store your passkeys. Don\u2019t rely on AI models to generate complex passwords. Our <a href=\"https:\/\/www.kaspersky.com\/blog\/international-password-day-2025\/53355\/\" target=\"_blank\" rel=\"noopener nofollow\">recent research<\/a> revealed that while these passwords might look complex, LLMs tend to favor certain characters for no obvious reason when creating passwords, which makes their output surprisingly predictable.<\/p>\n<h2>Passkey drawbacks?<\/h2>\n<p>The underlying WebAuthn standard that powers passkeys can be implemented quite differently across browsers and operating systems. Websites often adopt these capabilities in their own unique ways. This can lead to frustrating challenges \u2014 even for tech-savvy users. Here are a few examples of this:<\/p>\n<ul>\n<li>When creating passkeys, standard Windows prompts give you plenty of options for where and how to save them. By default, Windows saves passkeys in secure local storage on your computer. If you forget to select your <a href=\"https:\/\/me-en.kaspersky.com\/password-manager?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">password manager<\/a>\u00a0as the save location, that passkey won\u2019t be available on your other devices.<\/li>\n<li>Many online services like Kayak or AliExpress have dozens of regional versions, with each one being a separate website: .com, .com.tr, .co.uk, etc. If you create a passkey for, say, your local site, and then for some reason try to access the same online service in a different region, it\u2019s highly likely you won\u2019t be able to sign in with that passkey.<\/li>\n<li>Some websites don\u2019t support creating or signing in with passkeys when using Firefox, regardless of the platform. In reality, there\u2019s no technical incompatibility here, and <a href=\"https:\/\/community.bitwarden.com\/t\/passkeys-firefox-paypal\/59899\" target=\"_blank\" rel=\"nofollow noopener\">simple tricks<\/a> can resolve the issue, but it\u2019s unclear why users should have to resort to these workarounds.<\/li>\n<li>Some Apple users have reported that <a href=\"https:\/\/fy.blackhats.net.au\/blog\/2024-04-26-passkeys-a-shattered-dream\/\" target=\"_blank\" rel=\"nofollow noopener\">all their previously saved passkeys periodically disappear from their Keychain<\/a>, while certain Android users can\u2019t activate passkeys without re-flashing or <a href=\"https:\/\/forum.dfinity.org\/t\/android-device-lost-access-to-passkey-for-the-nns-internet-identity-after-software-update\/28010\" target=\"_blank\" rel=\"nofollow noopener\">factory-resetting<\/a> their devices.<\/li>\n<\/ul>\n<p>Any one of these situations is made worse by the fact that errors when creating or signing in with passkeys are either not mentioned at all in help documentation, or described very vaguely. It\u2019s often completely unclear how to fix the problem. However, when passkey issues arise, websites almost always offer a backup option, such as sending a one-time access code to your email.<\/p>\n<p>Despite these challenges, a passwordless future with passkeys is on the horizon. We recommend getting ready now by creating passkeys wherever possible, saving them in your <a href=\"https:\/\/me-en.kaspersky.com\/password-manager?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">password manager<\/a>, and remembering to check and update your passwords and contact information on websites to make sure you can recover access if your passkeys ever give you trouble.<\/p>\n<blockquote><p>Want to read more about passwords and passkeys?<\/p>\n<ul>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/16-billion-passwords-leak-2\/53670\/\" target=\"_blank\" rel=\"nofollow noopener\"><strong>16 billion passwords leaked: what should I do?<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/trojan-password-manager-keepass-lessons\/53508\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Lessons learned from the trojanized KeePass incident<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/new-design-kaspersky-password-manager\/52619\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Kaspersky Password Manager gets a new look<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-set-up-passkeys-in-google-account\/49515\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Passkeys for your Google account: what, where, how, and why<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/2024-password-and-otp-requirements-nist-sp-800-63\/52544\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Password standards: 2024 requirements<\/strong><\/a><\/li>\n<\/ul>\n<\/blockquote>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kpm-download\">\n","protected":false},"excerpt":{"rendered":"<p>This guide dives into using passkeys to sign in from someone else&#8217;s computer, storing them on a removable device, and transferring between devices.<\/p>\n","protected":false},"author":2722,"featured_media":24219,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[2088,1047,14,16,2559,21,22,1021,2707,187,805,2794],"class_list":{"0":"post-24218","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-tips","9":"tag-2fa","10":"tag-apple","11":"tag-chrome","12":"tag-fido","13":"tag-firefox","14":"tag-google","15":"tag-kaspersky-password-manager","16":"tag-passkeys","17":"tag-passwords","18":"tag-settings","19":"tag-two-factor-authentication"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/full-guide-to-passkeys-in-2025-part-2\/24218\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/full-guide-to-passkeys-in-2025-part-2\/28989\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/full-guide-to-passkeys-in-2025-part-2\/12555\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/full-guide-to-passkeys-in-2025-part-2\/29099\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/full-guide-to-passkeys-in-2025-part-2\/28299\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/full-guide-to-passkeys-in-2025-part-2\/31130\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/full-guide-to-passkeys-in-2025-part-2\/29822\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/full-guide-to-passkeys-in-2025-part-2\/39970\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/full-guide-to-passkeys-in-2025-part-2\/13522\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/full-guide-to-passkeys-in-2025-part-2\/53724\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/full-guide-to-passkeys-in-2025-part-2\/22949\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/full-guide-to-passkeys-in-2025-part-2\/23979\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/full-guide-to-passkeys-in-2025-part-2\/32400\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/full-guide-to-passkeys-in-2025-part-2\/29320\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/full-guide-to-passkeys-in-2025-part-2\/35026\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/full-guide-to-passkeys-in-2025-part-2\/34666\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/passwords\/","name":"passwords"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=24218"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24218\/revisions"}],"predecessor-version":[{"id":25310,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24218\/revisions\/25310"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/24219"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=24218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=24218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=24218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}