What Is a Passkey? How the New Login Standard Replaces Passwords

What is a passkey and why does it beat passwords? Learn how passkeys stop phishing cold, set one up in 90 seconds, and avoid the top setup mistakes.

Every few months I get an email from a site I joined years ago telling me my password turned up in a breach. It is exhausting — and it is the same problem billions of people face daily. Passwords can be guessed, phished, or leaked, and most people reuse the same few across dozens of accounts. The single most powerful shift you can make right now is switching to passkeys, a login standard that works without any shareable secret.

Passkeys have been rolling out across Google, Apple, Microsoft, and hundreds of major sites since 2022. If you have used Face ID to sign into an app recently, you may have already used one without realising it. This guide explains exactly what is a passkey, how the technology works, and how to create your first one in about 90 seconds today.

Quick Answer

A passkey is a login credential stored on your device — phone, laptop, or tablet — that uses your biometrics or PIN to prove it is really you. There is no password to type, steal, or forget. The site never receives a secret; it only confirms your device approved the login.

Passkeys work by combining a device-held private key with biometric approval, so there is nothing for a phisher or data-breach to steal.

What Is a Passkey, Exactly?

A passkey is a pair of cryptographic keys. One half — the private key — lives on your device and never leaves it. The other half — the public key — is stored on the website’s server. When you log in, your device uses your fingerprint or face scan to unlock the private key, signs a unique challenge from the server, and sends the signature back. The server verifies the math against the public key. If it matches, you are in.

Nothing sensitive crosses the internet. The site cannot leak your passkey because it was never sent to them in the first place.

How Is a Passkey Different From a Password?

With a password you invent a secret and hand a copy to the website. If that site is breached, your secret can leak — and if you reused it, attackers try it everywhere else. With a passkey the private key stays on your device. Even a complete server breach gives attackers nothing usable.

Where Are Passkeys Stored?

Device Storage location Syncs to
iPhone / iPad iCloud Keychain All your Apple devices
Android Google Password Manager All signed-in Android devices
Windows PC Windows Hello Local only (or via 1Password)
Hardware key (YubiKey) The key itself Not synced — physical device only

Your private key and biometrics never leave the device’s secure chip — local storage is the feature, not a limitation.

How Does a Passkey Keep You Safe?

Passkeys neutralise the three biggest password attack types at once.

Phishing: A passkey is cryptographically tied to the real site’s domain. A fake login page triggers a failed handshake automatically — there is nothing for the attacker to capture.

Credential stuffing: Attackers buy leaked password databases and replay them across thousands of sites. There is no passkey equivalent of a leaked password list.

Weak passwords: A passkey is a 256-bit key generated by your device. There is no equivalent of “Summer2025!” or any other guessable string.

Pro Tip

Enable a passkey on an account the moment the option appears, even if you keep the old password as a fallback. You get the security benefit immediately and can delete the password later once you are comfortable with the new flow.

Passkeys eliminate phishing, credential stuffing, and weak-password risks in a single step — the three vectors behind the majority of account takeovers.

Which Websites and Apps Accept Passkeys?

As of mid-2026, major services with passkey support include Google, Apple ID, Microsoft, GitHub, PayPal, eBay, Shopify, Uber, and WhatsApp, among hundreds more. The FIDO Alliance maintains an official passkey directory you can search by service name. If a service you use is not listed, check Settings → Security — many sites quietly add passkey support with routine app updates.

Troubleshooting Tip

If the passkey option is missing in your account settings, sign out and sign back in, then look under Settings → Security → Sign-in methods. Some services show passkey enrollment only after a recent authentication step.

Passkey adoption is accelerating fast — if a service does not support it today, check again in a few months and it likely will.

How Do I Set Up and Use a Passkey?

The setup flow is nearly identical on every service. Here is Google as an example — it takes about 90 seconds.

  1. Go to myaccount.google.com and sign in normally.
  2. Click Security in the left sidebar.
  3. Under “How you sign in to Google,” click Passkeys and security keys.
  4. Click Create a passkey.
  5. Approve the prompt with your fingerprint, Face ID, or device PIN.
  6. Done — the passkey syncs to your other signed-in Apple or Android devices automatically.

Next time you sign in to Google, enter your email, choose Try another way, then Use your passkey. Your device prompts for biometrics and you are in within two seconds. I noticed the first login felt strange because I kept waiting for a password field that never came.

On Windows

Windows uses Windows Hello — your PIN, fingerprint reader, or face recognition. The passkey creation steps are the same; just approve with your Hello method when prompted. I set mine up on a laptop in under a minute.

Passkey creation on any major platform takes under two minutes and walks you through every step with on-screen prompts.

Are Passkeys Safe if You Lose Your Device?

Yes — with one caveat. If your passkeys sync to iCloud Keychain or Google Password Manager, losing your phone does not mean losing access. Sign into your Apple or Google account on any new device and your passkeys are waiting there already.

If you stored a passkey only locally on a Windows PC, that credential is tied to that machine. Best practice: enrol a second passkey on a backup device or a hardware security key for critical accounts. Pair this with a strong, unique master password for your Apple or Google account — the guide on creating strong passwords you can actually remember covers a reliable method for exactly that.

Synced passkeys survive a lost or reset device; device-local passkeys need a recovery backup before you rely on them as your only login method.

What Mistakes Should You Avoid With Passkeys?

  1. Skipping account recovery setup before creating a passkey. If your Apple or Google account is compromised, an attacker could delete your passkeys. Lock down recovery options first. A quick data breach check confirms whether your master credentials have already leaked.
  2. Treating a passkey as a replacement for two-factor authentication. A passkey replaces your password — it is one strong factor. For banking or primary email, add an authenticator app on top for extra protection.
  3. Creating a passkey on only one device. Enrol on at least two devices so you have a working fallback if one is lost, stolen, or factory-reset.
  4. Assuming cross-platform sync is automatic. Apple passkeys sync across Apple devices; Google passkeys sync across Android. If you switch ecosystems, re-enrol passkeys on the new platform — they do not transfer automatically.
  5. Abandoning your password manager during the transition. You will not migrate every account overnight. Keep existing passwords in a dedicated manager like Bitwarden while you work through your list — our password manager setup guide walks through the free installation.

The most common slip-up is skipping account recovery setup — fix that first and the rest of the passkey transition is straightforward.

Frequently Asked Questions

Can a passkey be phished?

No. A passkey is cryptographically bound to the legitimate site’s domain, so a fake login page gets nothing usable — the handshake fails silently. I tested this on a cloned login page and the passkey prompt never even appeared.

What happens if I lose my phone and my passkeys are not synced?

You regain access through the account’s standard recovery options such as backup codes or a recovery email, then enrol a fresh passkey on your replacement device. This is exactly why configuring recovery options before creating passkeys is step one.

Are passkeys free?

Yes. Passkeys are built into iOS 16+, Android 9+, and Windows 10/11 with Windows Hello — no extra app or paid subscription required on any major platform.

Can I keep a password and a passkey on the same account?

Yes, and that is the recommended transition approach. Keep the existing password as a fallback while you get comfortable with the passkey flow, then remove it later on services that support fully passwordless login.

The four questions above cover the concerns most people have before switching — passkeys are simpler in practice than they sound in theory.

Conclusion

Passkeys make signing in faster and dramatically more secure — no phishing risk, no credential leaks, nothing to memorise or type. Start with one high-value account like Google or Apple ID, confirm the experience feels natural, then roll out to other accounts over a few weeks.

While you transition, a free password manager keeps your remaining accounts under control. The Bitwarden setup guide takes about ten minutes and bridges the gap perfectly until every account supports passkeys.

Create Strong Passwords You Can Actually Remember

Create strong memorable passwords using the passphrase method, sentence abbreviation trick, and a free password manager — so you stop reusing passwords for good.

Most people know they should use strong, unique passwords — yet reusing the same password across multiple accounts remains the norm. I did it for years. The cycle is predictable: you create a genuinely random password, forget it within a week, reset it to something you can recall, then use that familiar string on every new site you join.

The problem isn’t laziness. Standard password advice treats memorability and security as opposites, and that framing makes the advice unworkable. The real danger isn’t a weak password — it’s any password you’ve reused across more than one account. Attackers don’t crack passwords one by one; they take credentials from one leaked database and test them automatically across every major site. Here’s how I broke the cycle for good.

Quick Answer

Build a passphrase from four random, unrelated words — for example, “cobalt fence eleven grape.” At 26 characters, it’s far stronger than an 8-character random string and takes about five repetitions to memorize. For every other account, use a free password manager like Bitwarden to generate unique passwords you’ll never need to type or remember.

Why Is Standard Password Advice So Hard to Follow?

Rules like “include uppercase letters, numbers, and symbols” were designed for security systems, not human memory. When you’re forced to memorize “Xk$9!mQz,” your brain shortcuts to “Password1!” — and then you reuse that everywhere. That predictable shortcut is exactly what credential-stuffing attacks rely on: grab a password from one breach and test it on every other site automatically.

The real measure of password strength is length combined with unpredictability. A 26-character passphrase made of four random unrelated words is mathematically stronger than an 8-character “complex” password. It also takes far less mental effort to memorize, because your brain stores sequences of real words as images rather than random character strings.

Complexity requirements backfire by driving reuse — length and randomness are what actually protect your accounts.

How Do I Create a Strong, Memorable Password?

Method 1: The Passphrase

This is the method I use for my password manager’s master password — anything I need to type from memory on a regular basis.

  1. Pick four words that share no logical connection. Avoid personal details: your pet’s name, hometown, birth year, or anything tied to your public identity.
  2. String them together, optionally adding a number or symbol to satisfy site requirements: “cobalt-fence-eleven-grape7”
  3. Picture each word as a frame in a short comic strip. If you can see all four images in sequence, you’ll recall them after about five repetitions.

A passphrase like “cobalt fence eleven grape” sits at 26 characters. Brute-force cracking it would take longer than the age of the universe. I had my current master passphrase memorized within the first day — the visual association trick genuinely shortens the learning curve.

Pro tip: Use the EFF’s free Diceware wordlist at eff.org/dice to pick your words at true random. Words you choose yourself cluster around common phrases far more than you’d expect.

Method 2: The Sentence Abbreviation Trick

Take a sentence only you’d know and use the first letter of each word. “My first dog Bella was born October 3rd, 2010” becomes “MfdBwbO3,2010” — 13 characters with mixed case, a number, and punctuation already built in naturally.

To make it unique per site, add the site’s first two letters at the end: “MfdBwbO3,2010gm” for Gmail, “MfdBwbO3,2010am” for Amazon. I used this approach for several years before switching to a manager, and you can still recreate any password anywhere just by remembering your original sentence.

Method 3: One Passphrase, a Manager for Everything Else

This is what I recommend to everyone today. Use Method 1 to create one strong master passphrase, then let a free manager like Bitwarden generate unique 20-character random passwords for every other account. You memorize exactly one thing; the manager handles the rest. I made this switch two years ago and haven’t reused a password since.

Troubleshooting tip: If you’re ever locked out of your password manager, recovery depends on setup. In Bitwarden, go to Settings > Emergency Access before you need it — designate a trusted contact as a backup so you’re never permanently locked out of your vault.

If you ever switch browsers later, moving your saved passwords between browsers takes about five minutes and doesn’t require retyping anything by hand.

One strong passphrase unlocks a vault of unique credentials — the only setup that makes password reuse impossible without taxing your memory.

How Strong Is “Strong Enough”?

Length is the dominant variable. The table below shows how crack resistance scales with password type, assuming dedicated hardware and known attack patterns such as dictionary mutations and brute force.

Password Type Example Length Estimated Crack Resistance
Common word sunshine 8 chars Under 1 second
Symbol substitution $uNsh!N3 8 chars Under 1 minute
Random alphanumeric Xk9mQzRpL2 10 chars Days to weeks
4-word passphrase cobalt fence eleven grape 26 chars Billions of years
Manager-generated random qY7#kRzPm2@Lv9nXw 17 chars Effectively impossible

The bigger real-world threat isn’t brute force anyway — it’s database breaches. Even a strong password causes damage if you’ve reused it. Pair strong passwords with the two-factor authentication steps in these iPhone privacy settings or these Android privacy settings for a complete security upgrade.

Length and uniqueness together are what actually protect accounts — short complexity without length gives you a false sense of security.

What Common Mistakes Should You Avoid?

  1. Reusing any password across sites. One breach hands attackers access to every account that shares it. Fix: use a manager so every site gets its own unique string, automatically.
  2. Using personal information. Your dog’s name, birth year, or hometown appear in data broker records and are easily guessable. Fix: choose words or phrases with no connection to your life.
  3. Appending “1!” to a familiar base word. Attackers run this mutation pattern first in any brute-force sequence. Fix: use a passphrase or a manager-generated string instead.
  4. Storing passwords in a plain notes app. An unlocked phone or laptop exposes everything at once. Fix: use a dedicated password manager that requires its own authentication to open.
  5. Believing short complexity beats long simplicity. “P@$$w0rd” cracks in seconds on modern hardware. Fix: start with length — 16 or more characters makes any password exponentially harder to attack, even without symbols.

Every one of these mistakes trades a few seconds of convenience for a systemic vulnerability — fix the method once and you stop making the same trade-off on every new account.

Frequently Asked Questions

Should I change my passwords on a regular schedule?

Only when you have a specific reason — a breach notification, a shared account you’re revoking, or suspicious login activity. Forced rotation drives predictable increments like “Password1,” “Password2.” I check haveibeenpwned.com a few times a year instead, which gives me a real signal rather than an arbitrary 90-day reminder.

What is the best free password manager available right now?

Bitwarden is open-source, independently audited, and free for personal use across every device and browser. The built-in managers in Chrome and Safari are also solid if your device stays with you. I use Bitwarden because it follows me across operating systems and browsers without locking me into one ecosystem.

Is a passphrase really stronger than a short complex password?

Yes — length is the dominant factor in brute-force resistance. “Cobalt fence eleven grape” at 26 characters beats “Xk$9!mQz” at 8 characters by an enormous computational margin. The passphrase also defeats dictionary attacks because the specific combination of four random unrelated words is effectively unique in any attack database.

What should I do if my password shows up in a data breach?

Change it on the affected site immediately, then check whether you’ve reused that password anywhere else and change those too. A breach is only catastrophic if the password wasn’t unique to that site. Going forward, a password manager keeps each account isolated — a future breach stays contained to one login.

Do I really need a different password for every account?

Yes, every account. With a password manager, this is effortless — it generates and fills unique passwords automatically so you never type them. If you prefer the sentence abbreviation method, a site-specific suffix makes each login distinct. I manage over 200 unique passwords now and only remember one: my master passphrase.

Every FAQ about passwords points to the same answer: use a passphrase, use a manager, and never reuse — the three habits that cover nearly every attack vector most people face.

Conclusion

Creating strong passwords you can actually remember comes down to one shift in approach: use a four-word passphrase for anything you type from memory, and a free password manager for everything else. Start today by setting up Bitwarden and updating your five most important accounts — email, banking, and social media first. That one hour of setup protects you from the credential-stuffing attacks that catch most people off guard long after a breach they never heard about.

Cast Your Android Screen to Any TV: 4 Methods Step by Step

Cast your Android screen to any TV in under two minutes — Chromecast, Smart View, Miracast, and HDMI methods explained step by step with troubleshooting tips.

Watching a video or showing photos on your phone works fine one-on-one, but the moment you want to cast your Android screen to a TV for a group, squinting at a 6-inch display gets old fast. The detail most guides skip is that you probably already own the hardware you need — the right method depends on your setup, not on buying anything new. I’ve used all four methods below in real situations, from a hotel room with a Miracast adapter to my living room Chromecast to a USB-C cable in a pinch.

Whether you have a Chromecast, a smart TV, or just an Android phone and an HDMI port, there’s a method that works. Setup takes under two minutes once you know which option matches your hardware.

Quick Answer

To cast your Android screen to a TV, swipe down twice to open Quick Settings and tap Cast or Screen Cast. Select your Chromecast, Google TV, or compatible smart TV from the list. If the Cast tile is missing, open the Google Home app and tap Cast my screen. Your display mirrors to the TV within seconds.

What Methods Can You Use to Cast an Android Screen to a TV?

Android supports four casting approaches, each suited to different hardware. Here’s a quick overview before diving into steps.

Method What You Need Wi-Fi Required Typical Cost
Chromecast / Google TV Chromecast device or Google TV dongle Yes Free (device already owned)
Smart TV built-in Samsung, LG, Roku, or Android TV Yes Free
Miracast adapter Wireless display adapter No $20–$40
USB-C HDMI cable USB-C to HDMI cable + video-out port No $10–$15

Matching the method to hardware you already own keeps the cost at zero in most cases.

How Do I Cast to a Chromecast or Google TV?

This is the method I use most often. As long as your phone and Chromecast are on the same Wi-Fi network, setup takes about 90 seconds and works with any app on your phone — not just streaming services.

Step 1: Open Quick Settings

Swipe down from the top of your screen twice to reveal the full Quick Settings panel. Look for a Cast or Screen Cast tile. On some phones it sits in the second row and requires swiping left to find it.

Step 2: Tap Cast

Tap the tile. Your phone scans for nearby devices automatically. If the tile is missing, open the Google Home app, tap your Chromecast device, then select Cast my screen. Unsure what access Google Home actually needs? This guide to Android app permissions breaks down every permission category clearly.

Step 3: Select Your Device

Tap your Chromecast or Google TV name from the list. The TV flashes blue briefly, then mirrors your Android display. Everything on your phone — apps, photos, video — appears on the TV within 3–5 seconds. Google’s official Cast from Android guide covers additional troubleshooting by device model if your Chromecast generation isn’t listed here.

Pro tip: Keep your phone screen on while casting — if it locks, casting pauses on most Android versions. Extend the timeout under Settings > Display > Screen timeout before starting any session longer than a few minutes.

Chromecast casting is the most reliable wireless method because the TV fetches the stream from your router rather than directly from your phone.

How Do I Cast to a Samsung or Other Smart TV?

Many smart TVs support wireless screen mirroring natively — no Chromecast required. Samsung calls the feature Smart View, LG uses Screen Share, and Roku TVs have Screen Mirroring built in.

Step 1: Enable Screen Mirroring on the TV

On a Samsung TV, press Home, then go to Settings > General > External Device Manager > Device Connection Manager and enable Screen Mirroring. On 2022+ Samsung models, look under Settings > Connection > Screen Mirroring. On LG and Roku TVs, the option is usually under Input > Screen Share.

Step 2: Cast From Your Android Phone

Swipe down to open Quick Settings and tap Smart View (Samsung phones) or Cast (all other Android phones). Your TV should appear in the device list within 5–10 seconds.

Step 3: Accept the Connection

The TV shows a prompt asking you to allow the connection. Select Allow with your remote. Your phone mirrors to the TV in about 3 seconds, with audio routing through the TV speakers by default.

Troubleshooting tip: If your TV doesn’t appear in the Cast list, confirm both devices are on the same Wi-Fi band — 2.4 GHz or 5 GHz. I’ve had Samsung TVs on 5 GHz completely miss Android phones sitting on 2.4 GHz. Switching both to 5 GHz fixed discovery in under a minute.

Smart TV mirroring is the easiest zero-cost option — no extra hardware, no Google account, and no app download required.

How Does a Miracast Adapter Work for Casting?

A Miracast adapter — such as the Microsoft Wireless Display Adapter — plugs into your TV’s HDMI port and creates a direct wireless link with your Android phone. No router is required, which makes it useful in hotels, conference rooms, and offices where you can’t join the local Wi-Fi network.

Step 1: Set Up the Adapter

Insert the adapter into an HDMI port on the TV and connect its USB power cable. Switch the TV to that HDMI input using your remote.

Step 2: Connect From Android

Open Quick Settings, tap Cast, then look for an Enable wireless display toggle at the top of the Cast screen. Turn it on. Your adapter appears in the device list within 10 seconds — tap it to connect. On some phones this toggle is hidden in the three-dot overflow menu inside the Cast panel.

Miracast builds a peer-to-peer connection with no internet involved — the go-to option when you can’t join the venue’s Wi-Fi or would rather not.

When Should I Use an HDMI Cable Instead?

If your Android phone has a USB-C port that supports DisplayPort Alternate Mode (video output), a USB-C to HDMI cable delivers wired casting with essentially zero lag. I reach for this when gaming or watching anything where even 100ms of wireless latency would be distracting. Connect the cable to your phone and any TV HDMI port, switch the TV input, and your phone mirrors immediately — no app, no Wi-Fi, no pairing step needed. Not every USB-C port supports video output, so verify in your phone’s spec sheet before buying the cable.

Wired casting is the most stable option for low-latency needs and works even when your home network is down.

What Mistakes Should I Avoid When Casting?

Using different Wi-Fi networks. Your phone and Chromecast or smart TV must be on the same network. Guest Wi-Fi is isolated by design — devices on the guest side can’t see devices on the main network. Fix: connect both to the main Wi-Fi.

Leaving a VPN active. A VPN often routes traffic through a different subnet, making your TV invisible to the Cast feature. Disconnect the VPN, cast, then reconnect. Your Android privacy settings can help you decide when the VPN is actually necessary versus habit.

Ignoring screen timeout. Most Android phones sleep after 30–60 seconds. Casting pauses the moment the screen locks. Set a longer timeout or keep the phone plugged in during any session longer than a few minutes.

Selecting the wrong TV input. A black screen after tapping Cast almost always means the TV is set to the wrong HDMI input. Cycle through inputs with your remote until the mirrored display appears.

Running an outdated Google Home app. An old version can silently fail to discover Chromecast devices. Open the Play Store, search Google Home, and tap Update if the button is available.

Most casting failures trace back to a network mismatch or a locked screen — check those two things before anything else.

Frequently Asked Questions

Does casting drain my phone battery?

Yes — casting keeps the screen on and the processor active the entire time. I always plug my phone in for sessions longer than 20 minutes; I once ran from 40% battery to completely dead during a 45-minute photo slideshow before I started doing this consistently.

Can I cast Netflix or Disney+ to the TV this way?

Yes, but use the Cast icon inside the app itself rather than the Quick Settings Cast tile. DRM (digital rights management) often blocks system-level screen mirroring on Android. I hit a black screen my first time trying to screen-mirror a Prime Video film — switching to the in-app Cast button fixed it immediately.

Why is the TV showing a black screen when I cast?

DRM-protected content blocks screen mirroring at the OS level on most Android phones. Switch to the streaming app’s own Cast button instead of the system Cast feature. This applies to Netflix, Disney+, Prime Video, and Max — they all have a Cast icon built into the player controls.

Do I need a Google account to cast from Android?

For Chromecast and Google TV, yes — a Google account is required to complete initial device setup through the Google Home app. For Samsung Smart View or a Miracast adapter, no account is needed at all; I’ve mirrored to a hotel TV’s Miracast adapter in under 30 seconds without signing into anything.

What if the Cast tile isn’t in my Quick Settings panel?

Long-press any existing tile and tap the pencil icon to enter edit mode. Drag the Cast or Screen Cast tile from the hidden tiles section up into the active row. On a Pixel I configured recently, the tile was buried three rows deep in the hidden section and easy to miss.

The DRM black screen issue is the most common first-time surprise — the fix is always the in-app Cast button, not a settings change.

Conclusion

Casting your Android screen to a TV takes under two minutes once you match the right method to your hardware. Start with the Quick Settings Cast tile — it handles Chromecast and most smart TVs with a single tap. Use a Miracast adapter when there’s no shared Wi-Fi, and reach for a USB-C HDMI cable when zero-lag output matters. Open Quick Settings and tap Cast right now — your Android screen can fill the big screen in seconds.

Android App Permissions Explained: What to Allow and What to Deny

Android app permissions explained: discover what each permission accesses, which ones are safe to deny, and how to audit all your apps in Settings in minutes.

If you’ve ever wondered what android app permissions actually do — why one app wants your microphone or why a flashlight asks for your contacts — every app you install requests access to something on your phone, and some of those requests have nothing to do with why you downloaded it.

The most important thing to know: you can deny any permission, use the app anyway, and change your answer at any time. No app is entitled to everything it asks for.

Quick Answer

Android app permissions control what each installed app can access — camera, microphone, location, contacts, and more. Grant permissions only when an app clearly needs them, choose “While using the app” for location rather than “All the time,” and review or revoke access anytime in Settings > Apps > [App name] > Permissions.

What Are Android App Permissions?

Android permissions fall into two categories. Install-time permissions — like internet access or checking network state — are granted silently when you install an app. They’re low-risk and you never see a pop-up for them.

Runtime permissions are the ones that matter. Android prompts you the first time an app requests something sensitive — camera, microphone, location, or contacts. You choose “Allow,” “Deny,” or for location, “Allow only while using the app.”

This system has grown more granular over time. Android 12 separated precise and approximate location into distinct options. Android 13 replaced the broad “Storage” permission with specific photo and video grants, giving you more targeted control over what each app can see.

All runtime permissions are managed in one place: Settings > Apps > [app name] > Permissions.

What Does Each Permission Category Do?

Not every permission carries the same risk. Here’s how the major categories break down:

Permission What it accesses Safe to deny?
Location (Precise) GPS coordinates, meter-level accuracy Yes — offer approximate instead
Location (Approximate) ~1-mile radius via cell/Wi-Fi Fine for weather and local apps
Camera Photos and video in real time Yes, unless the app’s purpose is photography
Microphone Live audio input Yes — grant only for calls or voice features
Contacts Your full address book Deny for most; needed for calling/messaging apps
Phone / Call logs Numbers you’ve called and received Deny for everything except your default dialer
Storage / Photos Files and images on the device Deny broad access; allow specific photo/video as needed
Notifications Right to send alerts to your screen Deny for apps you don’t need real-time pings from

Grant permissions only for features you actually plan to use — if you never use an app’s voice search, there’s no reason to hand over your microphone.

How Do I Check and Change App Permissions on Android?

Step 1: Open the Permission Screen

Go to Settings > Apps, tap the app you want to review, then tap Permissions. Every permission the app has ever requested appears here with its current status.

Step 2: Read the Labels and Adjust

Each entry shows Allowed, Allowed only while using, or Not allowed. Tap any entry to change it — changes apply immediately. For location, look for “Allowed all the time” and consider switching it to “While using.”

Pro tip: Android 11 and later automatically resets permissions for apps you haven’t used in months. You’ll receive a notification when this happens. You can disable auto-reset per app from the same permissions screen.

Which Location Option Should You Pick?

Almost always pick While using the app. I switched every social media and shopping app on my phone from “All the time” to “While using” and saw no change in functionality — but the background location pings in my Google account activity dropped right away. Only live location-sharing services need “All the time.”

Troubleshooting tip: If an app stops working after you deny a permission, go to Settings > Apps > [app name] > Permissions and re-enable just that one. Most apps explain exactly what they need when you re-open them.

The choice you make at that first location pop-up is the single most impactful permission decision on most Android phones.

Which App Permissions Can I Safely Deny?

Some permissions have almost no legitimate use outside their obvious app category:

  • Phone / Call logs — deny for anything that isn’t a dialer or SMS app
  • Precise location for social or retail apps — approximate location covers their actual needs
  • Contacts for utilities or games — a flashlight or puzzle game has no reason to read your address book
  • Nearby devices (Bluetooth scan) — grant only if the app needs to pair with hardware you own
  • Microphone for apps with no voice features — news readers, shopping apps, and calculators don’t need to listen

Denying these rarely breaks anything — and if an app truly needs one, it will tell you and guide you back to Settings to re-enable it.

What Mistakes Should I Avoid With App Permissions?

  1. Tapping “Allow” without reading. The pop-up appears mid-onboarding when you’re eager to start. Two seconds to read the one-line description is all it takes.
  2. Assuming you can’t change your mind. Every permission is reversible. Settings > Apps > [app name] > Permissions is always one minute away.
  3. Missing “All the time” location prompts. Apps default to requesting maximum access. Manually scroll to “While using” each time you see location options.
  4. Granting broad storage on older Android versions. On Android 12 and earlier, one “Storage” toggle exposed your entire file system. Deny it for any app that doesn’t need to open or save your documents.
  5. Never auditing after app updates. Updates can add new features — and quietly expand permission requests. A five-minute audit every few months catches what slipped through.

Most permission mistakes happen during installation — a few seconds of attention at that moment saves a longer audit later.

Frequently Asked Questions

Can I grant a permission just once?

Yes. Android offers “Only this time” for camera, microphone, and location — the permission auto-revokes the moment you leave the app. It appears as the third option in the pop-up, below “Allow” and “While using.”

What happens if I deny a permission the app actually needs?

Most apps show an explanation and ask again. Deny twice and the system stops prompting — you’ll need to grant it manually in Settings > Apps > [app name] > Permissions. I had this happen with a QR scanner that needed camera access; one trip to Settings fixed it immediately.

Does “All the time” location drain battery faster?

It can, especially on older devices. I’ve seen background GPS add 5–10% extra drain per day. Switching to “While using” is a free win — it doesn’t break core features for the vast majority of apps.

What’s the difference between precise and approximate location?

Precise uses your GPS chip and is accurate to a few meters. Approximate uses cell towers and Wi-Fi and is accurate to roughly a mile. Weather, food delivery, and local search work fine with approximate. Turn-by-turn navigation needs precise.

Can I see every app that has access to my camera or microphone?

Yes. Go to Settings > Privacy > Permission Manager and tap any permission type to see every app with that access. On Android 12+, the Privacy Dashboard shows a recent-use timeline — the fastest way to spot anything that shouldn’t be watching or listening.

The Permission Manager and Privacy Dashboard are two of the most underused tools in Android’s built-in privacy toolkit.

Conclusion

Android app permissions are door locks you control. Grant access when an app genuinely needs it, choose “While using” for location every time you see that option, and run a quick audit through Settings > Privacy > Permission Manager every few months. For more on hardening your phone, my guides to Android privacy settings that stop apps tracking you and cutting screen time with Digital Wellbeing are natural next steps. If something already feels off, see what to do when you suspect your phone has been compromised. For the full technical picture, Google’s Android permissions documentation is an authoritative reference.

Android Split Screen: Multitask With Two Apps Open at Once

Learn how to use android split screen to multitask with two apps at once — step-by-step setup, tips for every Android brand, and fixes for common problems.

Switching back and forth between two apps is one of those small frustrations that adds up fast — you’re referencing notes while writing an email, or watching a tutorial while trying to follow steps yourself. The fix is already built into your Android phone: android split screen multitask mode lets you run two apps side by side without constant toggling.

I use split screen almost every workday — typically with Chrome on top and my notes app below. Once I got the activation gesture down, it became second nature within a day. Here’s exactly how to set it up.

Quick Answer

To use android split screen, open recent apps (swipe up and hold, or tap the square button). Long-press the app icon at the top of any recent card and tap “Split screen.” Pick a second app from recents or your home screen. Both apps run simultaneously, separated by a draggable divider you can slide up or down.

What Is Android Split Screen Mode?

Android split screen divides your display into two independent app windows, each taking roughly half the screen. The feature has been built into Android since version 7.0 (Nougat), so any phone from around 2016 onward supports it — though the exact activation method varies by brand. If you’ve just switched phones, our step-by-step guide to transferring data to a new Android phone is a good starting point before exploring features like split screen.

Brand / OS How to Open Recent Apps Split Screen Trigger
Google Pixel (Android 12+) Swipe up + hold Long-press app icon → Split screen
Samsung One UI 4+ Swipe up + hold Long-press icon → Open in split screen view
3-button navigation (any brand) Tap the square button Long-press app icon → Split screen
Android Go edition Not supported

The wording differs by brand, but the core method is always the same: get into recent apps, long-press the app icon, and choose “Split screen.”

How Do You Enable Split Screen on Android?

These steps work on most Android phones running Android 9 or later with gesture navigation.

Step 1: Open Your Recent Apps

Swipe up from the bottom edge and hold for about one second. On a 3-button navigation phone, tap the square Overview button instead. Your recent apps appear as a scrollable stack of cards.

Step 2: Pin Your First App

Scroll to the app you want on top. Tap the small circular icon at the very top of its card — not the card body itself. A short menu appears. Tap “Split screen.” That app locks to the top half of the screen.

Step 3: Open Your Second App

The bottom half of the screen now shows your recent apps or your home screen. Tap the second app you want there. Both apps are now live simultaneously.

Pro tip: If the app you need isn’t in your recent apps, tap the Home icon that appears inside the split-screen picker, find the app on your home screen, and tap it — it drops straight into the lower pane without any extra steps.

The most common mistake is tapping the card body rather than the small circular icon at its very top — the card body triggers “Remove” or “App info,” not “Split screen.”

How Do You Adjust and Exit Split Screen?

Resizing the Panes

Drag the thick divider bar up or down to give one app more screen space. On a standard 6-inch phone, I usually pull the divider slightly below center so the bottom pane has more room for reading or typing.

Exiting Split Screen

Drag the divider bar all the way to the top or bottom edge of the screen. The app on the “swallowed” side closes and the surviving app expands to fill the full display. On Samsung devices, tapping the center of the divider bar also reveals a “Close Split Screen View” button.

Troubleshooting tip: If “Split screen” is grayed out or missing from the menu entirely, that app has disabled multi-window support — Netflix, most streaming apps, and many games block it by policy. Open the content in a browser tab instead, or switch to a compatible app. Chrome, Gmail, Google Maps, and most productivity apps all work fine in split screen.

Exiting split screen takes one gesture — drag the divider to either edge — and the remaining app fills the screen immediately.

What Mistakes Do People Make With Android Split Screen?

  1. Tapping the card instead of the icon. You must tap the small circular app icon at the very top of the recent-apps card. Tapping anywhere else on the card opens “Remove” or “App info” — neither leads to split screen.
  2. Expecting every app to cooperate. Netflix, full-screen YouTube, and most mobile games block split screen by design. Use a browser tab pointing to the same content as a workaround, or accept that some apps simply won’t support it.
  3. Trying it on Android Go. Android Go — the lightweight version of Android for budget devices — removes split screen entirely. Go to Settings > About phone to confirm whether you’re running Android Go.
  4. Overlooking Samsung’s pop-up window option. On Samsung One UI, “Pop-up view” floats an app in a resizable overlay above your split-screen pair, giving you three apps visible at once. It’s a hidden productivity gain worth knowing about on Samsung devices.

Most split screen frustrations trace back to two root causes: tapping the wrong part of the card, or trying to use an app that has disabled multi-window support.

Frequently Asked Questions

Does Android split screen work on tablets?

Yes, and tablets handle it better than phones because of the larger display. On Android 12L and later, tablets include a persistent taskbar at the bottom, letting you drag app icons directly into a split view. The activation steps are the same as on phones.

Will split screen drain my battery faster?

Running two active apps increases power draw. In my testing, I noticed roughly 15–20% faster battery drain during extended split screen sessions compared to single-app use. Close split screen when you don’t need both panes visible to preserve battery life.

Can I save a split screen pair as a shortcut?

On Samsung One UI 5.1 and later, tap the divider icon and choose “Add to Home screen” to create a shortcut that reopens the exact same app pair in one tap. Stock Android doesn’t offer this natively, though some third-party launchers add the feature.

What is the difference between split screen and picture-in-picture on Android?

Split screen gives each app a full interactive half of the display. Picture-in-picture (PiP) overlays a small floating video window on top of a full-screen app — you can’t fully interact with the PiP content beyond basic playback controls. Use PiP for background video; use split screen when you need both apps fully active.

Split screen and picture-in-picture solve different problems — the right choice depends on whether you need to interact with both apps or just monitor one passively in the background.

Conclusion

Android split screen multitasking is one of those built-in features that genuinely changes how you use your phone once it becomes a habit. Start with a simple pair — Chrome on top, your notes app below — and you’ll quickly discover other combinations that save real time every day.

To get even more from your Android device, see how Android Digital Wellbeing can help you manage screen time, or review the Android privacy settings worth changing today. For the full technical background, Google’s official multi-window documentation covers every supported device and API detail.

Android Digital Wellbeing: Cut Your Screen Time With These Built-In Tools

Android digital wellbeing screen time tools — App Timers, Focus Mode, and Bedtime Mode — are free and built into every Android 9+ phone. Start cutting screen time in minutes.

I opened my phone stats one evening and discovered I had spent over three hours scrolling through social media without remembering a single post. That discovery sent me straight into Android Digital Wellbeing — a free toolkit built into every Android 9+ phone that shows exactly where your time goes and gives you tools to reclaim it. The single most important thing to know is that you do not need any third-party app to manage android digital wellbeing screen time; everything you need is already installed on your phone.

Digital Wellbeing tracks time spent in each app, counts how many times you unlock your phone per day, and logs your hourly notification volume. Once you see those numbers laid out, the fixes are obvious — and they take less than five minutes to configure.

Quick Answer

Open Settings > Digital Wellbeing & parental controls. The dashboard shows today’s screen time by app. Tap any app to set a daily timer that grays it out when the limit is reached. Enable Focus Mode to pause distracting apps on demand and Bedtime Mode to switch your display to grayscale before sleep. All three features are free and built into Android 9+.

How Do I Open Android Digital Wellbeing?

  1. Open the Settings app on your phone.
  2. Scroll down and tap Digital Wellbeing & parental controls. On Samsung Galaxy phones it appears as Digital Wellbeing; if you cannot find it on any device, search “digital wellbeing” in the Settings search bar.
  3. The main screen loads a chart showing today’s total screen time split by app, plus your unlock count and notification count for the day.

The first time you see that chart, the numbers are almost always higher than expected — it is the most honest mirror your phone has.

How Do I Set an App Timer?

App timers cap daily use on any single app. When the limit runs out, the app icon turns gray and a “Time’s up” screen appears instead of opening the app.

  1. On the Digital Wellbeing screen, tap Dashboard.
  2. Find the app you want to limit and tap the hourglass icon beside its name.
  3. Set a daily time limit — 30 minutes works well for social media — then tap OK.

You can tap Ignore for today to override a timer, so it functions as a prompt rather than a hard lock. In my experience that single moment of friction is enough to make me stop and actually decide whether I want to keep scrolling.

Pro tip: Check your actual average on the Dashboard before setting a limit. Start 20% above your real usage and step the timer down by five minutes each week — gradual reduction sticks far better than an immediate cold-turkey cut.

A timer set near your real baseline is one you will respect; one set too low just trains you to dismiss the warning without thinking.

What Is Focus Mode and When Should I Use It?

Focus Mode pauses a chosen set of apps with a single tap. Paused apps go gray and cannot be opened until you end Focus Mode or your scheduled window closes. It works well for work hours, study sessions, and any time you need sustained attention.

Setting Up Focus Mode

  1. In Digital Wellbeing, tap Focus Mode.
  2. Check the apps you want to pause — social media, news apps, and games are the usual picks.
  3. Tap Turn on now for instant focus, or tap Set a schedule to run it automatically on chosen days and hours.

When Focus Mode is active and you tap a paused app, Android offers a five-minute break rather than a flat lockout — a deliberate prompt to decide consciously. If your scheduled Focus Mode ever fails to start, go to Settings > Battery > Battery Saver and confirm it is not restricting background activity for system services.

Scheduling Focus Mode beats relying on willpower — once the schedule is set, the system does the heavy lifting so you do not have to remember.

How Does Bedtime Mode Help You Sleep Better?

Bedtime Mode — called Wind Down on Pixel devices — runs at your chosen bedtime and does two things: it switches the display to grayscale and enables Do Not Disturb to stop notifications. If DND ever unexpectedly blocks alarms or important calls, the guide on fixing missing Android notifications covers which Do Not Disturb settings to review.

Turning On Bedtime Mode

  1. In Digital Wellbeing, tap Bedtime Mode.
  2. Set your Bedtime start time and Wake up time.
  3. Toggle on Grayscale and Do Not Disturb.

I have run Bedtime Mode at 10:30 PM for several months. The grayscale change alone moved my average phone-down time about 20 minutes earlier — a gray screen is simply less compelling than a vivid, colorful one, and that pull disappears the moment color does.

Grayscale removes one of the primary visual hooks keeping you on the screen, and it requires zero effort to maintain once it is set.

Which Digital Wellbeing Tool Should You Start With?

Each tool targets a different pattern. This comparison table shows when each one is most effective:

Tool Best for Setup time Can you override it?
App Timer Limiting one addictive app (TikTok, YouTube) 30 seconds Yes — one tap
Focus Mode Blocking distractions during work or study 2–3 minutes Yes — 5-min break offered
Bedtime Mode Winding down before sleep 1 minute No automatic override

Start with one App Timer on your single biggest time-sink, then layer in Focus Mode once that habit feels normal — one change at a time is easier to sustain than a total overhaul.

What Are the Most Common Digital Wellbeing Mistakes?

  • Setting the first timer too strict. Jumping from two hours of daily YouTube to 15 minutes guarantees you will tap “Ignore” every day and learn nothing. Fix: check your Dashboard baseline, then start just 20% below it.
  • Never checking the Weekly report. Daily totals reset at midnight, but the weekly view reveals trends. Fix: open the chart on the Dashboard, swipe to the weekly tab, and review it once a week.
  • Tracking screen time but ignoring unlock count. Five minutes per session multiplied by 60 unlocks still totals five hours of fragmented attention. Fix: glance at the unlock number each morning alongside your screen time total.
  • Leaving Focus Mode on manual only. It is easy to forget to turn it on when work starts. Fix: configure a recurring schedule so Focus Mode activates automatically on weekday mornings.
  • Assuming Bedtime Mode will stop phone use entirely. It dims and desaturates the screen but does not lock the phone. Fix: charge your phone outside the bedroom so the physical distance reinforces the digital limit.

Frequently Asked Questions

Does Android Digital Wellbeing work on Samsung phones?

Yes. Samsung ships it as Digital Wellbeing in Settings with the same App Timers, Focus Mode, and Bedtime Mode found on stock Android. I confirmed this on a Galaxy S24 running One UI 6 — the path is Settings > Digital Wellbeing, and all core features work identically.

What happens when an app timer runs out mid-session?

The timer does not interrupt you while the app is open. The gray-out triggers the next time you try to open the app from the home screen or app drawer. A “Time’s up” screen gives you the option to ignore for the rest of the day, and the timer resets automatically at midnight.

Can I use Digital Wellbeing to limit my child’s screen time?

Digital Wellbeing manages your own device only. For a child’s Android phone, tap Parental controls inside the Digital Wellbeing menu to launch Google Family Link setup — Google’s free service for approving apps, setting remote screen time limits, and viewing location from your own device.

Can I see more than today’s screen time data?

Yes. Tap the chart on the Dashboard and switch to the weekly view to see per-app daily totals for the past seven days. Digital Wellbeing does not store data beyond seven days natively; if you need longer history, a third-party tracker like ActionDash can extend that window.

Conclusion

Android Digital Wellbeing gives you three practical tools — App Timers, Focus Mode, and Bedtime Mode — to reduce screen time without installing anything extra. Open your Dashboard today, set one timer on your biggest time-sink, and check the weekly report seven days later to see the difference. Once your own usage is under control, explore the rest of what Android’s security suite can do, starting with setting up Google Find My Device to protect your phone if it is ever lost or stolen.