FAQ: Passkeys
Set up your passkey – here's how
- Log in to your SwissID account (https://login.swissid.ch/).
- In your login settings, under Additional authenticators, you can activate your passkey.
Please note the following:
- Setting up a passkey usually requires two devices (e.g. a PC and a smartphone), unless you're using Windows Hello or creating the passkey directly on your smartphone.
  - Both devices must use the same browser (e.g. Chrome or Safari).
  - The same user account (e.g. Google account) must be signed in on both browsers.
- Only passkeys that comply with the FIDO2 standard (see below) are supported.
How can I create or remove a passkey?
Log in to your SwissID account. Under ‘Login settings’, you can set up a new passkey and manage your existing passkeys.
Logging in with a passkey does not work.
You can obtain general assistance with passkeys from your provider, such as Google or Apple.
However, if you can’t use your passkey at the moment because you don’t have your device with the passkey to hand, you can simply switch to the alternative login method and log in with a password and a second factor.
Why am I unable to create my passkey and why do I get an error message?
SwissID only supports passkeys that comply with the FIDO2 standard and have been issued by certified platforms. Many password managers offer features similar to passkeys but are not FIDO2-certified – these cannot be used for the SwissID login.
For example, FIDO2-compatible passkeys are supported by:
- Apple iCloud Keychain (on iPhones, iPads and Macs)
- Google Password Manager (on Android devices with an additional security check such as the Android SafetyNet Attestation)
- Windows Hello
- Hardware security keys such as YubiKeys (with FIDO2 certification)
Note: FIDO2-compatible passkeys can also be used on Samsung devices – provided they are stored via Google Password Manager. Other systems such as Samsung Pass or Samsung Wallet are not currently supported.
Why does my password manager not support the passkey?
Only password managers that are FIDO2-compliant are supported. Many password managers can store passkeys but are not compliant themselves and are therefore not permitted by SwissSign for security and regulatory reasons.
For information on compliant passkeys, see ‘Supported FIDO2-compliant passkeys’.
Why am I not asked for a passkey, but instead for a password and second factor?
Before you log in, SwissID automatically checks whether a FIDO2-compatible passkey can be used successfully. Passkey login is only offered if the prerequisites are met. If these are not met, the alternative login method involving a password and second factor is automatically offered instead.
A passkey replaces the need for a password and second factor. It is tied to your device and/or system, cannot be spied on or shared, and protects you from phishing – enabling a secure and simple login experience.
Some reasons why a passkey that has already been configured might not be used:
- iCloud Keychain is active, but you are using an Android device – iCloud Passkeys are not available there.
- Google Password Manager is active, but you are using a browser other than Chrome – FIDO2 is not supported in this case.
- Windows Hello is active, but you are on a non-Windows system, such as a smartphone or a device with another operating system.
- Android SafetyNet Attestation is required, but is not available on the device or it fails.
- There is no FIDO2-compatible passkey set up on the current device.
In all of these cases, the alternative login method involving a password and second factor is automatically offered instead.
Tip: You can create additional passkeys on different devices at any time. Simply log in to your SwissID account and set up a new passkey on your desired device under ‘Login settings’. Following this, you will be able to log in with your passkey there in the future, too.
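As an added illustration (not SwissID's own code), this is one way a website could run the kind of pre-login check described above in the browser with the standard WebAuthn API and fall back to password plus second factor. The names `chooseLoginMethod` and `account.hasSecurityKey` and the sample environments are assumptions made for this example.

```javascript
// Added example. `env` stands in for the browser's `window`; `account` is a
// hypothetical record of what the server knows about registered passkeys.
const FALLBACK = 'password+2fa';

async function chooseLoginMethod(env = globalThis, account = {}) {
  const pkc = env.PublicKeyCredential;
  // No WebAuthn API, or no credentials container: a passkey cannot be used.
  if (!pkc || !env.navigator || !env.navigator.credentials) return FALLBACK;
  // A registered USB/NFC security key needs no platform authenticator.
  if (account.hasSecurityKey === true) return 'passkey';
  // Older browsers expose WebAuthn without this capability probe.
  if (typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable !== 'function') {
    return FALLBACK;
  }
  try {
    // True when e.g. Windows Hello, Touch ID or an Android screen lock is usable.
    const ok = await pkc.isUserVerifyingPlatformAuthenticatorAvailable();
    return ok === true ? 'passkey' : FALLBACK;
  } catch (err) {
    // Any failure of the probe counts as "prerequisites not met".
    return FALLBACK;
  }
}

// Constructed sample environments (not captured from real browsers).
const browser = (probe) => ({
  navigator: { credentials: {} },
  PublicKeyCredential: { isUserVerifyingPlatformAuthenticatorAvailable: probe },
});
const SAMPLE_ENVS = {
  windowsHello: browser(async () => true),
  noPlatformAuthenticator: browser(async () => false),
  probeRejects: browser(async () => { throw new Error('NotAllowedError'); }),
  legacyBrowser: { navigator: {} }, // no WebAuthn at all
};

async function demo() {
  const out = {};
  for (const [name, env] of Object.entries(SAMPLE_ENVS)) {
    out[name] = await chooseLoginMethod(env);
  }
  out.securityKeyUser = await chooseLoginMethod(
    SAMPLE_ENVS.noPlatformAuthenticator, { hasSecurityKey: true });
  return out;
}

demo().then((out) => console.log(out));
```

The probe only reports whether the device is capable of passkey login; it cannot tell whether a passkey for this particular account is stored on the device, so the password and second-factor path has to remain reachable after a failed passkey attempt as well.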
Why does my passkey no longer work after I switch my device or browser?
Passkeys are tied to a device and/or system. After making the switch, you’ll need to set up a new passkey or make sure the previous one has been automatically synced (e.g. via iCloud or your Google account).
What should I do if passkeys are blocked in my company?
In some business environments, technical limitations may hinder the use of passkeys. Two common causes and possible solutions:
1. Whitelisting of domains
For passkeys to work correctly, certain domains must be accessible. Please make sure that the following domains are enabled in the proxy or firewall:
- cable.ua5v.com
- cable.auth.com
More information: Microsoft Learn: Alternate registration flow
2. Bluetooth restrictions
Some passkey registrations require Bluetooth. In many cases, Bluetooth can be configured so that it is only enabled for certain functions, such as passkeys.
Find out more at: Manage Bluetooth policy (MS Learn)
Alternative option: security key
If the above measures are not possible, a FIDO security key such as a YubiKey can be used as a hardware-based alternative – once access to USB ports is allowed.
Supported FIDO2-compliant passkeys
1. Passkeys for web browsers and operating systems
Passkeys specially optimised for use with common web browsers (such as Chrome, Safari and Edge) and operating systems (Mac and Windows).
2. Passkeys for iOS and macOS
Passkeys designed specifically for iOS and macOS environments to enable seamless integration and strong authentication, including support from iCloud and various Apple services.
3. Passkeys for Android and Google devices
Passkeys designed for Android-based devices and Google services that include both hardware and software solutions to provide strong two-factor authentication.
4. Hardware security keys and USB/NFC devices
Physical security tokens that communicate via USB or NFC to ensure that authentication processes are carried out only with the correct device, including solutions such as YubiKey and similar devices.
5. Card and smart card-based authentication
Passkeys that are based on smart cards or authentication cards and used in professional or highly secure environments to ensure that only authorised users have access.
You can check the FIDO Alliance website to see if a particular passkey is certified: https://fidoalliance.org/certification/fido-certified-products/.