Help users adopt passkeys more seamlessly

Eiji Kitamura
Eiji Kitamura

Published: May 09, 2025, Last updated: December 22, 2025

Passkeys offer strong, phishing-resistant authentication. However, getting users to adopt them can introduce friction. With automatic passkey creation you can create passkeys for your users at the right moment, as long as they already have a password saved for your site. Conditional Create, which enables automatic passkey creation, is part of the WebAuthn specification.

How it works

To help users adopt passkeys more conveniently, use a WebAuthn API feature called Conditional Create. Conditional Create lets your site request a passkey for the user without requiring any action from them.

This flow works when the following conditions are met:

  • The user has a saved password in their default password manager.
  • The password was used recently. Ideally, call Conditional Create immediately after a successful password-based login.

If both conditions are met, you can request the password manager to create a passkey for the user by calling Conditional Create. After successfully creating the passkey, the user is notified depending on the password manager.

Passkey request flow with conditional create.

Compatibility

Conditional Create is supported by Safari on macOS and all browsers on iOS, as well as Chrome on desktop and Chrome on Android.

These support means it works on their respective default passkey providers: iCloud Keychain (Passwords) on Safari on macOS and iOS, and Google Password Manager on Chrome on desktop and Android.

Since iOS 18 or higher and Android 14 or higher support third-party passkey providers, regardless of the browser the user uses, the Conditional Create support is up to the passkey provider. If the selected passkey provider doesn't support Conditional Create, a new passkey won't be created.

Implement Conditional Create

Automatic passkey creation is based on a WebAuthn API feature called Conditional Create. These are regular WebAuthn create() requests with the mediation parameter set to "conditional" which works similarly to passkey autofill for get() requests.

Use Conditional Create after the user signs in with a password. Whether the creation succeeds depends on the password manager and certain conditions being met. These conditions can vary by password manager and may change over time. For example, in Chrome with Google Password Manager (GPM), the user must have recently signed in using a saved password for the site.

If the browser successfully creates the passkey, it returns a public key credential. Send this credential to your backend to complete registration and enable future authentication.