Passkeys Were Supposed to Kill Passwords. So Why Is Everyone Still Confused?

No more passwords, ever. That was the pitch. Just a fingerprint or a face scan, and you're in. Passkeys have been shipping in every major browser and operating system for over two years now, and I've tried to go password-free since late 2024. My experience has been genuinely mixed; the technology works, but living with it day-to-day across multiple devices is still, honestly, kind of annoying. So why does something this promising still feel so frustrating to use?

The technology isn't the problem

Here's the basic idea behind passkeys: instead of sending a password to a website (where it can be stolen), your device keeps a secret key that never leaves your phone or laptop. When you log in, your device proves it has the right key without actually sharing it. Nothing gets sent over the internet that a hacker could grab and reuse. If the website gets breached, your login isn't sitting in the stolen data. Phishing doesn't work either, because the key is tied to the real website's address and won't answer a look-alike. It's a real improvement, not an incremental one. So where does it go wrong? Implementation.
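To make that concrete, here is a simplified sketch of the checks a website runs on a passkey login, added for this write-up and not taken from any vendor's code. The names `makeAuthenticator`, `verifyAssertion` and `demo`, and the domains `bank.example` and `bank-example.test`, are made up for illustration; real WebAuthn also involves CBOR-encoded keys and signature-counter tracking, which are left out.

```javascript
const crypto = require("node:crypto");
const sha256 = (d) => crypto.createHash("sha256").update(d).digest();

// Constructed stand-in for the phone or laptop: the private key never leaves this closure.
// Real authenticators also refuse to use a credential for another site; only the server side is modelled.
function makeAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return {
    publicKey, // the only half the website stores at registration
    sign(challenge, origin) { // the browser, not the page, fills in the origin
      const clientDataJSON = Buffer.from(JSON.stringify({
        type: "webauthn.get", challenge: challenge.toString("base64url"), origin,
      }));
      // authenticatorData: SHA-256(rpId) | flags (0x05 = user present + verified) | counter
      const authData = Buffer.concat([sha256(new URL(origin).hostname), Buffer.from([0x05, 0, 0, 0, 1])]);
      const signature = crypto.sign("sha256", Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
      return { clientDataJSON, authData, signature };
    },
  };
}

// Website side: every check must pass before the signature counts as a login.
function verifyAssertion(a, publicKey, expected) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== expected.challenge.toString("base64url")) return "stale or unknown challenge";
  if (client.origin !== expected.origin) return "origin mismatch";
  if (!a.authData.subarray(0, 32).equals(sha256(expected.rpId))) return "rpId mismatch";
  if ((a.authData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad signature";
}

function demo() {
  const rp = { origin: "https://bank.example", rpId: "bank.example" }; // made-up site
  const device = makeAuthenticator();
  const first = crypto.randomBytes(32);  // fresh random challenge for this login
  const later = crypto.randomBytes(32);  // challenge for a later login attempt
  const good = device.sign(first, rp.origin);
  const relayed = device.sign(first, "https://bank-example.test"); // signed while on a look-alike page
  return {
    genuine: verifyAssertion(good, device.publicKey, { ...rp, challenge: first }),
    lookalike: verifyAssertion(relayed, device.publicKey, { ...rp, challenge: first }),
    replay: verifyAssertion(good, device.publicKey, { ...rp, challenge: later }),
  };
}
```

The genuine login verifies, the response produced on the look-alike domain is rejected on its origin, and a captured response is useless against the next login's challenge.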

Apple, Google, and Microsoft each built their own passkey systems, and they're just different enough to make switching between them painful. I tried registering a passkey for a financial service on Safari last month, then logging in from Chrome on my Windows desktop. What I got was a QR code asking me to scan with my iPhone.

A QR code. To log into my bank. That's the kind of six-step workaround that makes you wonder whether anyone at these companies has actually tried using their own product the way normal people would. It worked, technically. Come on, though. Not simpler than typing a password.

Dashlane ran a study in 2025 and found that 61% of users who encountered a passkey prompt couldn't complete login without help. Sixty-one percent! You can't call something a password replacement when most people can't even get through the front door.

Sync is the real bottleneck

Passwords solved portability decades ago. Pretty much any password manager syncs your stuff across every device you own, regardless of platform. It just works. Passkeys haven't caught up yet.

iCloud Keychain keeps your passkeys in sync across Apple devices. Google Password Manager covers Chrome and Android. The moment you need a passkey from your Android phone on a Windows laptop running Firefox, though? Back to scanning QR codes. Every. Single. Time.

I noticed this pretty quickly after switching; "cross-platform" really meant "works great until you step outside your ecosystem." Third-party managers like 1Password and Dashlane added passkey support in 2024, which helped a lot. Browser support is still hit or miss, though. Bitwarden's passkey feature runs great in Chrome and then fails silently in Firefox on the same machine. Honestly ridiculous.

The FIDO Alliance (the group behind the passkey standard) was supposed to prevent exactly this kind of mess. On paper, they did. In practice, getting Apple, Google, and Microsoft to actually play nice together is the biggest thing holding passkeys back. Frankly, the Alliance should be treating it as an emergency.

Websites keep getting it wrong

Platform fragmentation is only half of it. Individual websites are botching their passkey rollouts in ways that actively push users back to passwords.

GitHub's implementation is excellent. Registration takes thirty seconds, login is instant, fallback is sensible. Then you have Amazon, which added passkeys in 2024 and somehow made it more confusing than typing a password. PayPal has been running a passkey "beta" since mid-2024 with no public timeline. Some services bury the passkey option four screens deep in account settings; others restrict it to certain account tiers. Annoying.

Wait, actually, account recovery might be the worst part. If you lose your phone and you've set up a passkey as your only way to log in, getting back into your account ranges from painful to basically impossible. Most sites handle this by requiring you to keep a backup password anyway, which completely defeats the purpose. Some route you through a support ticket that takes days. Give me a break!

Is it worth the hassle?

Yes. Eighteen months of daily use and my honest answer hasn't changed. On accounts where it's done right (Google, GitHub, Cloudflare), login is instant, I don't worry about my credentials showing up in a data breach, and I haven't had a single phishing scare. Years ago I had two accounts broken into because a password I reused got leaked somewhere; that basically can't happen with passkeys. Not a small upgrade. A fundamental one.

My recommendation: set up passkeys through a cross-platform password manager rather than relying on your phone or laptop's built-in storage. 1Password and Dashlane are your best bets right now. Keep a regular password as backup on any service where recovery seems unclear, and don't bother with passkeys on sites that clearly rushed their setup. You'll know them when you see them.

There's a draft specification for cross-platform passkey sharing working its way through the FIDO Alliance, and browser makers are actively closing the gaps. By late 2026, this should be a lot smoother. Right now, though, passkeys are a genuinely better way to log in, just trapped inside a frustrating experience. Worth the occasional headache? Absolutely. Does the industry need to get its act together? Yeah. Obviously.
