Customer Support

There are a few ways to help ensure customers are set up for success with regard to passkeys. You can use FAQ pages, a contact us option, videos, or a website.

FAQ Guidelines

As users encounter new authentication methods like passkeys, their understanding, trust, and comfort play a crucial role in adoption. During usability and content testing, several key themes consistently emerged around how people interpret security, navigate technical explanations, and engage with help content. The following recommendations distill these insights into actionable guidance for designing user-facing content that is clear, approachable, and confidence-building.

Use a confident and calming tone to build trust

A reassuring tone increases user confidence and makes passkeys feel more approachable. Open with affirming, supportive language to immediately reduce user hesitation. Use direct and positive phrases like Yes, definitely or No need to worry especially when addressing sensitive topics like security or account recovery.

Ground technical concepts in familiar language and examples

Users feel more confident adopting passkeys when the explanations connect to what they already know and do. Translate abstract terms into everyday references. Use examples of common behaviors (for example, like using your fingerprint or PIN) to explain how passkeys work.

Be specific about benefits, especially around security

Security claims can seem vague or untrustworthy unless backed by clear reasoning. Specifics help build credibility and user confidence. Don’t just say a passkey is secure or phishing resistant, explain how and why. Use plain language to describe what protections are in place and when they apply.

Clearly explain continuity across devices and platforms

Loss or transition scenarios often cause the most anxiety. Clear communication reduces fear and supports seamless onboarding or migration. Tell users exactly what to expect when switching devices, syncing data, or recovering from loss. Name familiar services to anchor expectations.

Web based FAQ examples

The following is a list of question and answers you might want to provide for your customers. This list is not inclusive of all the needs of your customer. Therefore it is best practice to examine customer needs and add questions and answers as needed.

Getting to know passkeys

What is a passkey?

A passkey is a digital key that unlocks your account - like a password, but safer and easier. The main goal is to make signing in faster, much easier (no memorizing passwords!), and automatically safer for you. You use your passkey by unlocking your device with something you already use — like your fingerprint, face, or PIN—instead of typing a password.

Should I use a passkey?

Yes! With passkeys:

Nothing to remember: You approve sign-ins using your device's screen lock (fingerprint, face scan, or PIN) – things you already use.
No typing passwords or waiting for code: Sign-ins are much quicker because you don’t need to type a password or get a code to help you sign in from somewhere else.
Automatic management: Your device handles the secure keys for you; you don't need to worry about creating or storing strong, unique passwords for each site anymore. If you have ever saved a password on your device or to a password manager (like Google Password Manger or Apple’s iCloud Keychain), then the experience will be familiar to you.
Built-in security: Passkeys are difficult to hack or steal as they have built in protections for the most common kinds of attacks (like phishing attacks).

How do passkeys work?

When you create a passkey for a website or app, your device and the website each get a unique piece of a matching pair, like a unique key and a unique lock that only work with each other. Your device holds the key, and the website holds the lock. When you try to sign in, your device and the website check to make sure the key fits the lock. If they fit, you’re signed in.

Passkeys are unique to every website, so you can’t accidentally use the wrong one or be tricked into signing in to the wrong website. This helps make passkeys really secure.

How do passkeys protect my accounts better than passwords?

Passwords have common problems: they can be stolen from websites, guessed by hackers, or you can be tricked into entering them into fake sign-in pages (phishing). Passkeys are designed to solve these issues:

Phishing resistance: Your passkey is tied to one website and can’t be tricked into working somewhere else. Even if you click a fake link, your passkey won’t sign you in because it checks that the site is real before it works, you don’t have to do anything extra.
Built-in security: Your passkey is stored safely on your device and never shared with websites. Even if a website gets hacked, there’s nothing useful for attackers to steal without your device.
Unique for every website: Each passkey only works for one website, so you don’t have to worry about reusing your passkey across services.

Are passkeys considered multi-factor authentication?

Yes, passkeys considered multi-factor authentication and that’s part of what makes passkeys so secure and convenient. Passkeys offer built-in multifactor security by combining two factors: something you have (your device) and something you are or know (like your fingerprint, face, or device PIN). This means you get strong protection without needing to remember passwords.

Even if you worry about a passkey being accessed through a compromised account password, service providers add extra layers of projections, not just your password, before restoring a passkey to your device, helping keep your account safer.

Using Passkeys Across Devices

Yes, definitely. Accessing your accounts across your devices is designed to be easy. Your passkeys are typically synced securely and automatically through your main cloud account (like your Google Account, Apple iCloud Keychain, or Microsoft Account) or some password managers (like 1Password, Dashlane). A passkey made on one device often just shows up ready to use on your other devices. When you use a synced passkey on a different device (for example, your laptop), you'll simply use that device's screen lock (like its PIN or fingerprint reader) to sign in.

You can still use your phone's passkey securely on a different or shared device (like a library kiosk or a new computer):

On the shared computer, start signing in and choose the option to use a passkey from your phone (it might show a QR code).
Scan the QR code with your phone.
Approve the sign-in on your phone using your screen lock.

You'll be signed in on the other computer, but your passkey stays safely on your phone. It only grants permission to sign in for that one time.

Is it safe for passkeys to be synced across devices?

Yes, passkey syncing is end-to-end encrypted, meaning only you can access your passkeys, even as they move between devices. Your trusted cloud service (like Google Password Manage or Apple iCloud Keychain) also apply strong account security protection to keep your information safer. Whether a passkey is stored on one device or synced across many devices, phishing resistance is maintained at sign-in, and with passkey-only authentication, there are no passwords to steal.

If you still have your old device, you can simply use your passkey to sign in using a QR code to your account on the new device. Once you’re signed in, you’ll have the option to create a new passkey for the new device. This makes future sign-ins even easier; you’ll be able to sign-in with your new device’s screen lock (like fingerprint, face, or PIN) without needing to scan a QR code.

Refer to If I create a passkey on my phone, can I still easily sign in to that account on my computer or tablet? for more information.

If you do not have the old device or a security key, you can use the account recovery steps to sign in.

Refer to My passkeys live on my device. What happens if I lose my phone or it breaks? Am I locked out? for more information.

Account recovery and lost devices

My passkeys live on my device. What happens if I lose my phone or it breaks? Am I locked out?

No need to worry about being locked out! Your passkeys are securely backed up online via your main account (Google Account, Apple iCloud, Microsoft Account). When you set up a new device and sign back into that same account, your passkeys will be restored automatically and available immediately, allowing you to access your accounts just like before. If you use a password manager like Bitwarden, 1Password, Dashlane etc - just sign in to that account and you’ll have access to your passkey.

Security and privacy details

Is my biometric information safe?

Yes, your biometric information stays securely on your device and is never shared with any remote servers. Only a simple confirmation that the check was successful is sent, keeping your personal data private and protected.

The FIDO Cross-Device Authentication flow, which leverages CTAP 2.2, uses Bluetooth Low Energy (BLE) to verify physical proximity, but does not depend on Bluetooth security properties for the actual security of the sign-in. The CTAP transport, named hybrid, uses an additional layer of standard cryptographic techniques — on top of standard Bluetooth security properties — to protect data.

Can FIDO security keys support passkeys?

Yes. FIDO security keys support single-device passkeys. All client platforms and browsers have native support to exercise security keys.

Compatibility and availability

What is the availability of passkeys across various OS platforms?

Availability of built-in passkeys that automatically synchronize to all of your devices is gaining in popularity.

Apple announced support for iOS 16 in Sep 2022, and for iPadOS 16 and macOS Ventura in Oct 2022.
Google announced support for Android starting October 2022 and plans passkey support in ChromeOS by 2023.
Microsoft announced passkeys support for Windows Insider builds and is expected to deliver broader passkey support later in 2023 and throughout 2024.

Most platforms already support sign-in with a passkey from a nearby device such as a mobile phone or security key. These include:

Microsoft Edge and Google Chrome on Windows
Edge, Safari and Google Chrome on macOS
ChromeOS

Passkeys are accessed using the same WebAuthn API which has been available across all the platforms and browsers since 2018. The cross-device sync of passkeys is managed transparently by the OS.

Contact us option

Provide a way for customers to get help with passkeys via email, chat, or phone.

FAQ Guidelines​

Use a confident and calming tone to build trust​

Ground technical concepts in familiar language and examples​

Be specific about benefits, especially around security​

Clearly explain continuity across devices and platforms​

Web based FAQ examples​

Getting to know passkeys​

What is a passkey?​

Should I use a passkey?​

How do passkeys work?​

How do passkeys protect my accounts better than passwords?​

Are passkeys considered multi-factor authentication?​

Using Passkeys Across Devices​

If I create a passkey on my phone, can I still easily sign in to that account on my computer or tablet?​

What if I need to sign in somewhere my passkey hasn't synced, like a library computer or a friend's device?​

Is it safe for passkeys to be synced across devices?​

How can I switch to a new mobile platform as the sign-in device (for example, from android to iOS or vice versa)?​

Account recovery and lost devices​

My passkeys live on my device. What happens if I lose my phone or it breaks? Am I locked out?​

Security and privacy details​

Is my biometric information safe?​

What security is in place when I perform a cross-device authentication sign-in with a QR code on a nearby device using Bluetooth?​

Can FIDO security keys support passkeys?​

Compatibility and availability​

What is the availability of passkeys across various OS platforms?​

Contact us option​

Founding underwriters