This blog posts helps to understand common passkey error (messages), what their causes are and how theses passkey problems can be solved.
Our mission is to make the Internet a safer place and passkeys provide a superior solution to achieve that. That's why we want to keep you updated with the latest industry insights here.
1. Introduction#
Passkeys are rapidly becoming the standard for secure and seamless user authentication.
Major tech players like Amazon,
WhatsApp, Coinbase, and
TikTok have already embraced this technology, with others like
Facebook, LinkedIn, and
X/Twitter soon to follow. However, as with any emerging
technology, there are still some UI / UX concepts, like error messages, that are new to
end users. Users often face passkey issues like
"there are no matching passkeys" or
"passkeys not working". Moreover, many
relying parties define their own error messages, as there are
not too many best demonstrated practices (apart from
FIDO alliance's UIX guidelines). In some cases,
if a service reports that "there aren't any passkeys on this device," it may be necessary
to double-check your device settings, as modern passkey solutions aim to eliminate this
confusion.
Passkeys represent a paradigm shift in authentication, moving authentication in general
from the backend to the frontend, as passkeys interact
via operating system APIs with a device's secure enclave,
TPM, or TEE.
As a result, effective user communication and error handling become important. Users,
accustomed to traditional authentication methods, now face a learning curve with passkeys.
We've observed frequent passkey errors and a lot of confusion through our interactions on
platforms like X (formerly Twitter) and Reddit. Our goal with
this article is to help more users when facing these passkey problems. We'll analyze the
common passkey issues and offer practical solutions, thereby enhancing user experience and
confidence in passkeys. If you ever find that a "google passkey
not working" on your device, consider verifying your browser or system updates.
2. How Do Passkeys Work?#
Passkeys represent a huge step in
passwordless authentication, utilizing the
WebAuthn API, and are backed by the
FIDO Alliance and the World Wide Web Consortium (W3C).
Moreover, passkeys are grounded in the principles of public-key cryptography.
Want to try passkeys yourself in a passkeys demo?
Try Passkeys
Imagine creating an account where your device autonomously
generates a unique pair of public and private keys.
These keys are linked, much like a custom-made key tailored for a specific lock. For
successful authentication, both elements are essential.
The fascinating part? The public key is the only component shared with a website or app
(the relying party). The private key, on the other hand,
remains securely on your device.
The authentication process is very user-friendly. When you attempt to sign in, the website
or app sends a challenge. This is where your part comes in: by utilizing your device's
biometrics or PIN (e.g. via Face ID, Touch ID or
Windows Hello), you unlock your private key. Your device then
utilizes this key to sign the challenge, sending this signature back for verification. The
website or app, with the public key at its disposal, confirms the authenticity of this
signature.
What makes this process truly seamless is its speed and transparency. From a user
perspective, you're merely verifying your identity via Face ID.
Meanwhile, under the hood, this sophisticated mechanism efficiently validates your
credentials, granting access to your account.
3. Passkey Requirements#
3.1 iOS or macOS#
iCloud Keychain Enabled:
For users on Apple devices utilizing Safari, iCloud Keychain
must be enabled to use passkeys. This is essential for password sharing and
synchronization across devices. To set up iCloud Keychain,
navigate to your device's settings, select your Apple ID, go to iCloud, and then enable
iCloud Keychain (read more
here).
On iCloud accounts with Keychain enabled, the underlying iCloud account is enforced to be
MFA protected by Apple.
iOS 16 or macOS Ventura Required:
Passkeys are supported on devices running iOS 16 or
later, or macOS Ventura or later. These newer operating systems include enhanced security
features necessary for passkey functionality. Users should ensure their devices are
updated to these versions or higher (read more
here).
Subscribe to our Passkeys Substack for the latest news.
Subscribe
3.2 Windows#
Windows Hello Setup:
On Windows 10+ devices, Windows Hello must be configured to use
passkeys (see here for more details on the
passkey support of different Windows versions).
Windows Hello is a biometric-based technology that enables
users to authenticate secure access to their devices and applications using a fingerprint,
facial recognition, or a PIN. To set up Windows Hello, go to
Settings, then Accounts, and under Sign-in options, follow the prompts for setting up
Windows Hello (read more
here).
3.3 Android#
Android Version 9 or Later:
Passkey support requires at least Android 9. This
is because newer Android versions have better
integration with security features like biometrics and secure hardware storage, which are
crucial for passkeys.
Google Play Services Updated:
Ensure that Google Play Services is up-to-date, as it plays a critical role in managing
security and authentication processes on Android
devices. If you experience issues where "google passkey not
working" properly on your Android, checking updates and configurations in Google Play
Services may resolve the problem.
Besides, on all platforms, ensure that the web browser being used is updated to the latest
version. Browsers like Safari, Chrome, and Edge often release updates that improve
security features, including passkey support.
4. Common Passkey Errors, Their Causes and Troubleshooting#
The following list consists of typical passkey errors. Besides providing the cause of the
error, a potential solution that has worked for others is given:
Error Message: To save a passkey, you need to enable iCloud Keychain. You can enable Keychain in the Apple ID pane of System Settings#

- Cause: This error occurs when iCloud Keychain, which is
required to store passkeys on Apple devices, is not enabled.
- Solution: Enable iCloud Keychain by going to the Apple ID pane in System Settings.
Ensure it's properly set up to sync passkeys across your devices.
Error Message: There are no matching passkeys / There are no matching passkeys saved in your iCloud Keychain#
- Cause: This error typically occurs when a user tries to access a service using a
passkey that is not stored in their iCloud Keychain or not synchronized across their
devices.
- Solution: Ensure that iCloud Keychain is enabled and properly synchronized across
all devices. Check if the passkey for the specific service is indeed saved in the iCloud
Keychain. If you see the detailed message indicating that "there are no matching
passkeys saved in your iCloud Keychain," make sure to re-enable synchronization on all
devices.
Become part of our Passkeys Community for updates & support.
Join
Error Message: No passkeys available. There aren't any passkeys for Relying Party on this device#

- Cause: No passkey can be found on the current device and the WebAuthn server does
not allow any cross-platform passkey authentication.
This error message reinforces that "no passkeys available" if the authentication system
cannot detect one, and it may display a prompt such as "there aren't any passkeys on
this device."
- Solution: Verify if a passkey exists on your device. If you have deleted the passkey
locally or on the client-side (e.g. in your iCloud Keychain settings or
Google Password Manager settings), you also need to
delete the passkey server-side in the account settings of your
relying party, so that the system does not continue to expect
its presence.
Error Message: Passkey already exists (or similar error message as it's defined by the relying party)#

- Cause: This message appears when there's an attempt to register a new passkey on a
device that already has one for the same account. Some relying parties restrict that
users can only have one passkey per device (or ecosystem, e.g. synced iCloud Keychain or
1Passwordpassword manager)
and account. Usually, this setting is defined in the WebAuthn server property
excludeCredentials.
- Solution: Check your device settings to see if a passkey already exists and use it,
or try adding a new passkey from a different device. Alternatively, enter the
relying party’s account settings, delete the existing passkey
for this device and account, and try to create a new one.
Error Message: I'm seeing a QR code#

- Cause: A passkey is tied to a specific account and platform (e.g. the device or a
cloud-synced platform account like iCloud Keychain). If you see a
QR code when attempting to log in using a passkey,
this means that you do not yet have a passkey on the current device/platform that you
are using (but may have had one set up on your iOS
or Android smartphone previously). Another cause is that the server limits the passkeys
that are allowed to be used (via the WebAuthn server property
AllowCredentials) and those passkeys are not available on
your device.
- Solution: If the device you previously made a passkey on has a camera, you may be
able to scan the QR code to log in using that
existing passkey (this is called
passkey cross-platform authentication). If provided,
you should be able to use an alternative authentication method to log in. Once logged
in, you can then set up an additional passkey for the new/current device you’re using in
the relying party’s account settings.
Error Message: Insert your security key into the USB port#

- Cause: This prompt appears when a hardware security key
(e.g. YubiKey) is required for authentication, possibly due to the
lack of a TPM or disabled
Windows Hello. Another cause is that you are on a device that
has no Bluetooth capabilities (e.g. an older desktop machine) and no fitting passkeys
are present on the device.
- Solution: Insert the hardware security key (e.g.
YubiKey) into the USB port. Alternatively, enable Windows Hello if
you wish to authenticate without the hardware security key (a
passkey with Windows Hello needs to be created beforehand).
Error Message: Passkeys not offered#
- Cause: This error often occurs when the Android device that is supposed to use the
passkey does not have the screen lock feature activated. The presence of a screen lock
is a prerequisite for using passkeys in Android for security reasons.
- Solution: To resolve this issue, enable the screen lock feature on your Android
device. This can typically be done through the security settings of the device. Once the
screen lock is activated, try using the passkey again.
Error Message: Couldn't create your passkey / Error while creating Passkey / Error while generating passkey#

- Cause: This error can arise due to several reasons such as a glitch in the
application or software you are using, a temporary server issue, or incompatible device
settings.
- Solution: Restart the application or device and try generating the passkey again. If
the problem persists, check for any available updates for the application or your
device's operating system. If it's a server-side issue, you may need to wait and try
again later.
Error Message: We couldn't find a matching passkey (or similar message from the relying party)#

- Cause: Many error messages like this occur if a passkey has been deleted manually,
whether on the client-side or server-side. Even if your local private key remains,
without the corresponding public key on the server, the error mentioning "we couldn't
find a matching passkey" is triggered.
- Solution: Try to access your account either
from another device or use an alternative login
method that you might have set up earlier. You can then usually create a new passkey in
the account settings.
Error Message: Passkeys not available on this device or browser#
- Cause: This is an error typically indicated by
PayPal or similar platforms, suggesting
that the device or browser being used does not support or have the functionality to
create or use passkeys.
- Solution: Ensure that your device and browser are up to date. If the device or
browser inherently does not support passkeys, consider switching to a compatible one.
Error Message: Something went wrong. There was a problem signing in with your passkey.#

- Cause: This could be due to an incorrect passkey entry, temporary communication
issues between the server and your device, or a malfunction in the authentication
process.
- Solution: Double-check the passkey you are entering. If correct, try again after a
short while. If the problem continues, check your internet connection or consider
resetting your passkey if possible.
Error Message: Something went wrong. The request timed out.#

- Cause: This error typically occurs when the server takes too long to respond,
possibly due to network connectivity issues or high server load.
- Solution: Check your internet connection to ensure a stable and strong signal. If
the connection is fine, the issue might be on the server side, in which case you should
try again later when the server is less busy.
4. Conclusion#
Passkeys are paving the way towards a more secure, user-friendly digital landscape. By
leveraging the power of public key cryptography, they
eliminate traditional password vulnerabilities, offering a
robust and seamless authentication experience. As we move forward, understanding and
troubleshooting common passkey errors becomes crucial. This knowledge not only enhances
user confidence but also fosters wider adoption. If you
want to stay up-to-date about all news around passkeys (including passkey error handling
and passkey troubleshooting), join our
passkeys community on Slack or subscribe to our
passkeys Substack.