Apple's WWDC25 Passkey Updates: Fast Forwarding The Journey To Passwordless

At WWDC 2025, Apple unveiled five major passkey improvements that address key friction points in the transition away from passwords. These updates for iOS, iPadOS, macOS, and visionOS make passkey adoption smoother and more automatic, bringing us closer to truly passwordless authentication.

The momentum is undeniable. According to the FIDO Alliance, 69% of people now have at least one passkey. Google reports that passkey sign-ins are four times more successful than passwords, while TikTok sees an impressive 97% success rate with passkey authentication.

Let's see the five key updates and what they mean for the future of authentication.

‍

1. Account creation API: Rethinking sign-up from scratch

The traditional account creation process is broken. Users fill out multiple form fields, struggle with password requirements, and often abandon the process entirely. Apple's new Account Creation API completely reimagines this experience.

Instead of lengthy forms, users see a clean, pre-filled sheet showing exactly what the app needs: their name, email, and a passkey. Everything is ready to go with suggested defaults that users can customize if needed. One tap, Face ID confirmation, and they're signed up with a passkey from day one.

The API handles edge cases gracefully. If a device isn't configured for passkey creation, users see the traditional sign-up form. If someone tries to create an account but already has a Sign in with Apple account for that service, the system guides them to their existing account instead of creating duplicates.

What makes this powerful is that accounts created this way never have passwords. They're secure from the start, eliminating an entire category of security vulnerabilities.

‍

2. Signal APIs: Keeping everything in sync

One overlooked challenge with passkeys is keeping credential information in sync across different credential managers. When someone changes their email address or revokes a passkey, that information needs to be reflected everywhere they might sign in.

Apple's new Signal APIs solve this synchronization problem. When account information changes, apps can immediately notify credential managers to update their records. This prevents the confusion and authentication failures that happen when credential managers show outdated information.

The APIs cover three key scenarios: updating usernames or email addresses, reporting which passkeys remain valid (automatically removing revoked ones), and signaling when passwords are no longer needed for an account.

Note: Authsignal will support the Signal API soon, which will make credential synchronization effortless across all your users’ devices.

‍

3. Automatic Passkey Upgrades: The silent security boost

The biggest challenge with passkey adoption isn't technical capability - it's getting users to actively create them. Automatic passkey upgrades eliminate this friction entirely.

Here's how it works: after someone signs in with their password, the system quietly creates a passkey in the background. Users get a subtle notification that a passkey was added, but there's no interruption to their workflow. Their password continues to work, but now they have a more secure option available.

The process includes smart background checks. The system verifies that a credential manager is available, confirms the password was just used successfully, and ensures the device supports passkey creation. If any condition isn't met, nothing happens - no error messages or failed attempts.

This approach respects user agency while providing an upgrade path that requires zero effort. It's the kind of seamless security improvement that actually gets adopted.

4. Passkey management endpoints: Making upgrades discoverable

Even with automatic upgrades, some users want to actively manage their authentication methods. Apple introduced a standardized way for credential managers to link directly to passkey enrollment and management pages.

By serving a simple JSON response at a well-known URL, websites can provide direct links from credential managers to their passkey setup pages. When someone reviews their saved passwords, they might see an "Add Passkey" button that takes them straight to the enrollment page.

This standard works across all participating credential managers, creating consistent upgrade paths regardless of which password manager someone uses. It's a small change that improves passkey discoverability a lot.

‍

5. Secure import and export: True credential portability

One concern about passkeys has been vendor lock-in. Apple addressed this with a secure transfer system that lets users move passkeys between credential managers.

Unlike traditional credential exports that create vulnerable CSV files, this system transfers data directly between apps using local authentication like Face ID. No files are created on disk, eliminating the risk of credential leaks from exported data.

The transfer uses a standardized format developed with the FIDO Alliance, ensuring compatibility between different credential managers. Users initiate the process, authenticate locally, and their passkeys move securely to their preferred credential manager.

This gives users true ownership of their credentials while maintaining the security benefits that make passkeys superior to passwords.

‍

The bigger picture

These updates work together to create multiple pathways to passkey adoption:

New users get passkeys immediately through the Account Creation API, starting their journey password-free.

Existing users receive automatic upgrades that require no action on their part, gradually migrating them away from passwords.

Active users can discover upgrade options through management endpoints, giving them control over their authentication methods.

All users benefit from synchronized, up-to-date credential information and the flexibility to choose their preferred credential manager.

‍

Industry impact

This isn't just Apple improving their own ecosystem. These changes build on open standards and work across platforms. The Signal APIs have web equivalents through WebAuthn. The import/export format comes from FIDO Alliance collaboration. The management endpoints use standard, well-known URLs.

The result is an industry-wide push toward passwordless authentication that benefits everyone, regardless of platform or credential manager preference.

For the complete technical details on these updates, watch Apple's WWDC 2025 passkey session.

‍

What does this mean for developers

These updates remove significant barriers to passkey implementation. The Account Creation API makes onboarding genuinely simple. Automatic upgrades handle the migration challenge. Signal APIs solve synchronization problems. Management endpoints improve discoverability.

For services like Authsignal, these improvements make it easier to deliver comprehensive passkey solutions that work seamlessly across the entire Apple ecosystem and beyond.

‍

Looking forward

The statistics Apple shared paint a clear picture: Passkeys work better than passwords in every measurable way. Higher success rates, better security, improved user experience. The missing piece has been adoption friction, and these WWDC updates directly address those challenges.

We're not just moving toward a passwordless future - we're accelerating toward it with tools that make the transition automatic, secure, and user-friendly.

Want to experience the passkeys firsthand? Try our passkey uplift demo to see how smooth authentication can be. Learn more about Authsignal's passkey solution and join the passwordless movement.