Six Colors
Six Colors

by Jason Snell & Dan Moren

This Week's Sponsor

End users aren't your enemy! Kolide gets users to fix their own device compliance problems–and unsecure devices can't log in. Click here to learn how.

By Dan Moren

Apple adds passkeys to Apple ID, iCloud logins

As our resident passkey beat editor, I was glad to see that Apple has now added the ability to log in to your Apple ID or using a passkey instead of your password. The feature’s been rolling out today, and can be tested on devices running the iOS/iPadOS 17 or macOS Sonoma betas.1

Apple ID Passkey

Using this feature on iOS/iPadOS is pretty straightforward: when you go to an Apple website that requires your Apple ID to login, including, the Apple Developer site, or the Apple ID management site, you’ll be asked if you want to sign in and authenticate with Face ID.

On the Mac side, when you enter your Apple ID in a browser, you’ll see a new option to Sign in with iPhone. Clicking this will bring up a QR code that you can scan with an iPhone or iPad, which will in turn authenticate you with Face ID on that device, and then log in on the Mac. I’ve confirmed that it works not only in Safari, but in Chrome on macOS Sonoma as well.

I do find it a little bit odd that the macOS implementation currently doesn’t seem to let you use Touch ID on your Mac to log in, rather kicking you to verify via your mobile device. On the one hand, that does bestow the additional security of using a second factor—an item that you have—but that’s not required on iOS or iPadOS, which would seem to be at more risk of being lost or stolen.

Another interesting tidbit: I can’t locate the saved passkey in the Passwords section of System Settings on my MacBook Air running Sonoma. This suggests it’s not synced between your devices, but perhaps using a distinct passkey generated on each iOS device. Neither is there an option right now to add such a passkey to a third-party password manager, like 1Password.

I also did test and was able to confirm that failing the Face ID authentication multiple times2 will revert to the device’s passcode, so it doesn’t add any additional security for those worried about someone with their passcode gaining access (or changing) their Apple ID details.

It’s certainly good that Apple is eating its own dog food here, given how much they’ve pushed passkeys, even if the implementation does seem a bit odd.3 While this may not provide as much additional security as the hardware security key support added earlier this year, it’s decidedly easier to use.

  1. I’ve verified that it also seems to work on macOS Ventura in some cases—specifically via third-party browsers like Chrome and Arc. 
  2. Which I achieved through the very scientific method of “putting my finger over the Face ID camera.” 
  3. Granted, every company seems to take a different approach to introducing users to passkeys at present, which is one thing that may slow adoption of the technology. 

[Dan Moren is the East Coast Bureau Chief of Six Colors. You can find him on Mastodon at or reach him by email at His latest novel, the supernatural detective story All Souls Lost, is now available for pre-order.]

If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.

Search Six Colors