Troubleshoot Cross-Device Sign-In and Transport
This page offers troubleshooting tips for cross-device sign-in and transport related to the implementation of support for passkeys. The cross-device sign-in experience can accommodate the diverse needs and preferences of users by providing a flexible, multi-option sign-in approach. People can use a mobile device with a passkey to sign in on another device that does not have a passkey. For details and demonstrations about this use case, see the Cross-Device Sign-In design pattern.
To learn which browsers and operating systems support cross-device sign-in, view the Device Support Matrix on passkeys.dev.
User misunderstanding of recognized devices might create privacy concerns
Some end users are not sure how or why their device knows that there is an available passkey on their Android device. Some end users incorrectly believe their combination of devices knows too much about each other and is a privacy concern.
Steps to reproduce
- Sign in to Chrome on desktop.
- Sign in to Chrome on Android.
- Create a passkey for a service on the same Android device.
- Sign in on desktop using cross-device sign-in.
- Notice Chrome desktop recognizes an available passkey on nearby Android device.
Guidance
There is no privacy concern.
Some organizations might wish to document how two devices can recognize the availability of a passkey on Android. This documentation can be used by contact center professionals if the topic arises or published for end users along with other help content that relates to passkeys.
Related resources
- Cross-Device Sign-In design pattern
Some people might not have success with cross-device sign-in
In some cases a number of different factors might contribute to an end user not successfully completing cross-device sign-in.
Steps to reproduce
- Create a passkey for a service on a mobile device.
- Sign in on desktop using cross-device sign-in.
- Notice the steps required.
Two different computing devices are required for cross-device sign-in. The two devices likely use different operating systems. Further, many different versions of operating systems are available for end users. The possible combinations, combined with end users who might or might not know how to navigate the cross-device sign-in experience, can lead to unsuccessful attempts at cross-device sign-in. A few common reasons for unsuccessful cross-device sign-in are listed below. This is not an exhaustive list:
- End user does not know how to scan a QR code
- End user's default camera app does not recognize QR codes
- End user does not know how to follow a link provided by their default camera
- End user is confused when prompted to scan a QR code.
- QR scanner does not scan the QR code
- Managed devices might disable Bluetooth. In most uses cross-device sign-in requires Bluetooth to prove physical proximity of the two devices and prohibit remote-based attacks. Passkeys themselves are never transmitted by Bluetooth.
Guidance
Cross-device sign-in is intended to be used when a device does not already have a passkey. This is typically a one-time event for a particular device or an occasional event. Relying parties have the ability to know if cross-device sign-in was used, after it was used. But, there is no way for the relying party to know in advance that cross-device sign-in might be needed. Because of this, there is no reliable way to guide end users through the cross-device sign-in process in real time. We recommend documenting how cross-device sign-in works and making this available to end users along with other Help content for passkeys. We also recommend that Customer Support specialists be aware of cross-device sign-in and how it works so they can help end users.
Related resources
- Cross-Device Sign-In design pattern
- Cross-Device Sign-In definition on Passkeys.dev