YubiKey vs iCloud / Google passkeys — which should you use?
"Passkeys" really come in two flavours: the ones that sync to your phone automatically, and the ones that live inside a physical YubiKey. Here's the difference, and when to use each.
Last updated: May 2026
📢 Affiliate disclosure.
This article contains Amazon affiliate links. As an Amazon Associate, Arpass earns from qualifying purchases. Our reviews and rankings are not influenced by commission.
There are really two kinds of passkey
"Passkey" has become the umbrella term for a passwordless login. Under the hood, there are two distinct flavours:
Synced passkeys — stored in iCloud Keychain or Google Password Manager and automatically synced across devices on the same account.
Hardware-bound keys — live inside a physical device like a YubiKey, and only work when you have that device in hand.
Both are "safer than passwords." The fundamental difference is where the key lives.
Synced passkeys (iCloud / Google)
The key is held in your Apple or Google account and synced to your devices via the cloud.
Effortless. A new device automatically gets your passkeys after you sign in. Almost zero setup.
Has a recovery path. If you lose all your devices, you can recover via your Apple / Google account.
The trust anchor is your cloud account. Conversely, it depends on the security of that account — a compromised Apple / Google account puts these passkeys at risk.
For most people, synced passkeys are dramatically safer than "password + SMS". For everyday use, this alone is enough.
YubiKey (hardware key)
The key only ever exists inside the physical device. It never leaves, and the cloud never sees it.
Cloud-independent. Because the key isn't synced, even a compromised cloud account can't reach it.
Strongest against phishing. You have to physically tap the device, which prevents the typical "fake site captures your credential" attacks.
You manage your own backups. No automatic sync means you need to keep two or more keys in separate safe places.
Right for the most important things. Anything you don't want anywhere near a cloud, or anything you need to keep safe for a very long time.
Comparison table
Property
Synced passkey (iCloud / Google)
YubiKey (hardware key)
Where the key lives
Cloud (synced)
Only inside the physical device
Moving to a new device
Auto-synced
Plug in / tap to register
Convenience
High
Some setup required
Cloud-independent
Depends on account
Independent
Phishing resistance
High
Very high
Loss preparation
Account recovery
Keep spare keys yourself
Cost
Free
From a few dozen dollars per key
Which one should you use?
It isn't either-or. The realistic answer is pick based on the goal.
Most people, day-to-day use → synced passkeys are enough. Effortless and a huge upgrade from the password era.
You don't want a cloud anywhere near your keys, or you want a physical key as your root of trust → YubiKey. Right for admin credentials, important long-lived data, or anyone who prefers cloud-free control.
Best of both → use synced passkeys day-to-day, with a YubiKey registered as a backup. Even if all your devices are lost, the YubiKey in your drawer can open things up.
If you go "both," buy two YubiKeys. Hardware keys aren't auto-synced, so a single key risks lockout if it's lost or broken. Keep two, in different places.
Getting a YubiKey
Yubico YubiKey 5C NFC
USB-C + NFC, all-rounder. Works on PCs and phones. A reasonable first (and second) key for most people.
Synced passkeys give you "convenience and a recovery path." YubiKey gives you "cloud independence and the strongest practical security." Everyday use → passkeys. The important things → YubiKey. Or combine them — that's the realistic answer.
Arpass supports both. The standard mode works with synced passkeys or YubiKey. The dedicated "YubiKey-only mode" opens your secure drive with registered YubiKeys alone. See the help guide.
ARPASS
→ Open Arpass