Yes, passkeys are supported by pwSafe, provided you are using a recent version of your OS and pwSafe:
For iOS, you need iOS 17.0 (or later) and pwSafe version 11.1.0 (or later).
For macOS, you need macOS 14.0 (or later) and pwSafe version 11.1.3 (or later).
What is a passkey?
A passkey is a secure way to sign in to websites and apps without using a password. It works by linking your account to a unique digital key stored on your device, making it easier and safer to log in.
Since passkeys can't be guessed or stolen like passwords, they help protect your information from hackers.
If you want to learn more about passkeys, please visit https://fidoalliance.org/passkeys/ for an introduction to passkeys, or Wikipedia for more in-depth information. The official specification is available on the W3C website.
Enabling passkey support
Passkey support is integrated in pwSafe's AutoFill extension. Make sure you have AutoFill enabled as explained on this page for iOS and this page for macOS, and you are ready to use passkeys!
Creating a passkey
The process to create a passkey must be initiated by the website/application being protected. This triggers iOS/macOS to prompt for your approval
after which the familiar interface of pwSafe appears allowing you to select an entry in your safe into which the passkey will be saved.
Note: at this moment it is not possible to create a new entry in your safe while creating a passkey. That will be added in a future update.
If the entry does not have existing values for the Username or URL, that field will be filled with information taken from the passkey.
If the entry holds a previously created passkey, the old passkey will be overwritten.
Using a passkey
Like creating, the process to sign in using a passkey must be initiated by the website/application being protected. This will trigger iOS/macOS to ask if you want to use your passkey
After your approval, and unlocking your safe (using Face/Touch ID if setup or manually), pwSafe will use the previously created passkey to digitally sign the login request.
Deleting a passkey
You can easily remove a passkey from an entry in pwSafe:
- Open the details of the entry
- Tap the Edit button
- Tap the Trash icon next to the passkey
Experimenting with passkeys
The screenshots in this article were created using passkeys.io, a great site to get acquainted with using passkeys.
Platform compatibility
Passkeys are stored in your safe using the official Password Safe format ensuring cross-platform compatibility. Of course, the program you use to unlock your safe needs to have passkey support before you can actually make use of passkeys stored in your safe.
Note that you can safely use any program that supports the Password Safe format to access your safe on another platform, even if it has no support for passkeys. Passkeys stored in your safe will be left untouched.
At the time of this writing, pwSafe is the first program to support passkeys as described above.
Cryptographic algorithm
pwSafe uses ES256 passkeys supported by most (if not all) websites/applications. If you encounter a website/application that does not accept ES256 passkeys, please let us know by leaving a comment below.
Why does website XYZ indicate “Unknown Passkey Provider”?
When using your passkey, you might see a message indicating that the provider is "unknown". This simply means that pwSafe hasn’t been officially registered in a global database yet.
Is my passkey secure? Absolutely! pwSafe is designed with strong security measures to protect your identity. The "unknown provider" message does not mean your passkey is unsafe—it just means pwSafe hasn’t been listed in a public reference yet. Your authentication remains private, secure, and fully functional.
Will this affect my ability to sign in? No, your passkey works as intended. In the future, the provider may be recognized, but even now, it meets all necessary security standards for safe authentication.
Comments
6 comments
50166 is a macOS build, so I assume you are on macOS.
As detailed above, this feature made it into the iOS version. The macOS version will follow soon, I am actually working on that now. There is one change that needs to be made first (as passkey support depends on it) which should be in 11.1.1 and I expect 11.1.2 to deliver passkey support on macOS.
Do you have an iPhone to test the iOS support?
Excellent, thanks for confirming that!
For completeness: 11.1.2 contains a quick-fix only, so macOS passkey support is now expected to appear in 11.1.3.
Great to see support for Passkeys is now available.
Note requirement for iOS 17+,
If a device running iOS 16 is linked to a safe containing passkeys will any conflicts arise from it reading or writing to the safe after passkeys have been activated.
No conflicts whatsoever. The pwSafe app will show the presence of the passkey in the entry, it is just iOS/Safari that is unable to use it as Apple added passkey support in iOS 17.
It is also perfectly fine to use an older pwSafe version (e.g. on an old iPhone). Pre-11.1 version will not show the presence of the passkey, but will not touch them either.
Version 11.1.3 has been submitted to Apple for approval, should normally arrive within 1-2 days. This will bring passkeys support to macOS too!
Please sign in to leave a comment.