Can I use passkeys locally on a Mac without iCloud?
Whenever I try it says : to save a passkey you need to enable icloud keychain. I don't use icloud. I only want my secret keys on my local machine.
@Tesseract on this site Can I use passkeys locally on an iMac wit… - Apple Community
says I can do this, but I can't see how.
MacBook Pro (M4, 2024)
The posting you refer to relates to macOS 14 Sonoma and things have changed since then
1 - Use a hardware security key (e.g., YubiKey, SoloKey)
These work offline and are not synced anywhere.
With a FIDO2/WebAuthn security key, you can:
2 - Use a third-party password manager with its own passkey storage
The posting you refer to relates to macOS 14 Sonoma and things have changed since then
1 - Use a hardware security key (e.g., YubiKey, SoloKey)
These work offline and are not synced anywhere.
With a FIDO2/WebAuthn security key, you can:
2 - Use a third-party password manager with its own passkey storage
@Tesseract on this site Can I use passkeys locally on an iMac wit… - Apple Community
says I can do this, but I can't see how.
That post was on Sonoma. I don’t know if it actually worked then, but it doesn’t now. Passkeys require iCloud Keychain.
kk-hh wrote:
I am well aware that passkeys are more secure.
But apparently not aware that they're driven by more than just a web browser.
So it is not possible to use passkeys without them being copied into the cloud?
That depends entirely on what app is managing your passkeys. With the native Passwords app, they are stored (encrypted) in and synced via the cloud. The 3rd party options that I quickly looked at all backup to a cloud account as well, not sure if that feature can be disabled, and maybe there are some that only store locally.
You are saying it's not possible to use a passkey without dedicated hardware? Dedicated hardware like Apple's T2? But I still can't have a passkey stored only locally on my computer?
They're always stored locally (by Apple, in the Secure Enclave; technically it's the private key that's stored locally). They are just securely synced via the iCloud Keychain from one device to others (and on the other device, a new hardware-specific private key is generated and that is stored in the device's Secure Enclave). I have no idea where local storage of passkey private keys by 3rd party apps happens.
I am happy for you, but that's not what I want to do. I want something much simpler. I want my passkey only on my laptop.
It seems we have different definitions of 'simple'. For me, using the passkey manager that comes with my OS is the simple solution. It just works, by default.
If you want to utilize a 3rd party manager, find one that doesn't store/back up data to the cloud, trust that 3rd party app with your data, trust that those data are being securely stored on your local device (should it fall into the wrong hands), and trust that the software will always work with whatever version of macOS you are running, and if that's what simple means to you, then good luck.
We are going around in circles here
Third Party Passwords Manager applications like 1Password and others available on the Apple Apps Store
Doing a quick search of Apple Apps Store I see 16
neuroanatomist wrote:
kk-hh wrote:
Yeah but as I understand it, the process is driven by the website through a browser and no website or browser I have tried appears to allow that.
A password is driven by the website through a browser. A passkey is established and requested by the website but requires a combination of software and hardware, the latter needed for the biometric access (which is why passkeys are more secure, along with the built-in 2FA).
I am well aware that passkeys are more secure.
As stated by my colleague, Apple devices now use iCloud to store/sync passkeys. You don’t need to subscribe to a plan or use the other features of iCloud for that to work, the feature is associated with your Apple Account.
So it is not possible to use passkeys without them being copied into the cloud?
Because there’s a hardware component to the process, even if using a 3rd party app to store passkeys was possible (it’s not alone, but it is with a 3rd party hardware added), personally I wouldn’t do it. Lots of examples here of people using 3rd party disk encryption who lost data access when their software didn’t work with Tahoe.
You are saying it's not possible to use a passkey without dedicated hardware? Dedicated hardware like Apple's T2? But I still can't have a passkey stored only locally on my computer?
Plus the convenience of setting up a passkey on one device and having it available with fingerprint/face on all my devices, for me it’s a no-brainer. My passkeys work seamlessly across two Macs (one Sequoia, one Tahoe) with TouchID and an iPhone and iPad (both on 26) with FaceID, regardless of which device was used to create the passkey.
I am happy for you, but that's not what I want to do. I want something much simpler. I want my passkey only on my laptop.
neuroanatomist wrote:
kk-hh wrote:
Yeah but as I understand it, the process is driven by the website through a browser and no website or browser I have tried appears to allow that.
A password is driven by the website through a browser. A passkey is established and requested by the website but requires a combination of software and hardware, the latter needed for the biometric access (which is why passkeys are more secure, along with the built-in 2FA).
As stated by my colleague, Apple devices now use iCloud to store/sync passkeys. You don’t need to subscribe to a plan or use the other features of iCloud for that to work, the feature is associated with your Apple Account.
Because there’s a hardware component to the process, even if using a 3rd party app to store passkeys was possible (it’s not alone, but it is with a 3rd party hardware added), personally I wouldn’t do it. Lots of examples here of people using 3rd party disk encryption who lost data access when their software didn’t work with Tahoe.
Plus the convenience of setting up a passkey on one device and having it available with fingerprint/face on all my devices, for me it’s a no-brainer. My passkeys work seamlessly across two Macs (one Sequoia, one Tahoe) with TouchID and an iPhone and iPad (both on 26) with FaceID, regardless of which device was used to create the passkey.
+ 1 👍
2 - Apple has a Password application for this purpose but the caveat being it will want to use iCloud Keychain
3 - Third Party Passwords Manager applications like 1Password and other available on the Apple Apps Store
Doing a quick search of Apple Apps Store I see 16
kk-hh wrote:
I want something much simpler. I want my passkey only on my laptop.
Then the answer is simple. No
1 - Use a hardware security key (e.g., YubiKey, SoloKey)
These work offline and are not synced anywhere.
I have a reasonably secure computer already. I don't want to add complexity, and even if I did, how is it done?
With a FIDO2/WebAuthn security key, you can:
2 - Use a third-party password manager with its own passkey storage
Yeah but as I understand it, the process is driven by the website through a browser and no website or browser I have tried appears to allow that.
So how do you do it?
Owl-53 wrote:
So easy and syncs across to all devices
I don't want to sync across devices. I only have a laptop. I have no requirement or desire to sync. I just want to use a passkey on my one device.
While some individuals visit these forums seeking technical solutions to specific Apple-related issues, there are also those who seek recognition or fame through their contributions.
Follow on if you please
During the time of macOS 14 Sonoma, Apple had not introduced a desiccated password manger application
Moving forwards to macOS 15 and above
Apple did introduce the Password application
Use the Passwords app to create, manage, and share passwords and passkeys across Apple devices
That is were password and passkey are kept and yes does involve iCloud Keychain to sync they across various Apple devices using the same Apple ID account
On a personal note
Using 1 M4 Desktop, 1 M4 Laptop, 1 M2 Desktop plus an iPhone all with the same macOS / iOS 26 latest versions
So easy and syncs across to all devices
kk-hh wrote:
Yeah but as I understand it, the process is driven by the website through a browser and no website or browser I have tried appears to allow that.
A password is driven by the website through a browser. A passkey is established and requested by the website but requires a combination of software and hardware, the latter needed for the biometric access (which is why passkeys are more secure, along with the built-in 2FA).
As stated by my colleague, Apple devices now use iCloud to store/sync passkeys. You don’t need to subscribe to a plan or use the other features of iCloud for that to work, the feature is associated with your Apple Account.
Because there’s a hardware component to the process, even if using a 3rd party app to store passkeys was possible (it’s not alone, but it is with a 3rd party hardware added), personally I wouldn’t do it. Lots of examples here of people using 3rd party disk encryption who lost data access when their software didn’t work with Tahoe.
Plus the convenience of setting up a passkey on one device and having it available with fingerprint/face on all my devices, for me it’s a no-brainer. My passkeys work seamlessly across two Macs (one Sequoia, one Tahoe) with TouchID and an iPhone and iPad (both on 26) with FaceID, regardless of which device was used to create the passkey.
Can I use passkeys locally on a Mac without iCloud?
