Security

Passkeys and passwordless sign-in

Passkeys let you sign in with Face ID, Touch ID, Windows Hello, or a hardware security key instead of typing anything. They are backed by WebAuthn, so nothing secret ever leaves your device.

What are passkeys?

  • A passkey is a cryptographic key pair. The public key lives on our servers; the private key never leaves your device.
  • During sign-in you simply approve a biometric prompt or hardware key challenge. No password can be phished or reused.
  • Passkeys can sync via iCloud Keychain, Google Password Manager, 1Password, or any FIDO2-compatible manager.

Requirements

  • Recent versions of Chrome, Safari, Edge, Firefox, iOS, iPadOS, macOS, Windows, or Android.
  • A built-in authenticator (Face ID, Touch ID, Windows Hello) or an external FIDO2 key such as YubiKey.

Registering a passkey

  1. Sign in using an emailed code, an existing passkey, or your Google/Microsoft account.
  2. Open the Account page and click Register a passkey.
  3. Approve the browser prompt—use Face ID/Touch ID, Windows Hello, your device PIN, or tap your hardware key.
  4. Repeat on other browsers or devices to create additional passkeys. Each device stores its own copy.

You can visit the Account page after signing in to review or remove registered credentials.

Signing in with a passkey

  1. Go to the sign-in page.
  2. Choose Use a passkey.
  3. Complete the biometric or hardware prompt and you're in.

Troubleshooting tips

  • No prompt appears – You may not have a passkey registered for this account yet. Sign in with an emailed code or social account first, then register a passkey from the Account page.
  • New device – Passkeys don't automatically transfer to new devices unless synced via iCloud Keychain, Google Password Manager, or a compatible password manager. Register an additional passkey from the Account page after signing in on the new device.
  • Hardware keys – Use USB-C/Lightning adapters or NFC as needed. Some keys must be tapped or have a PIN entered before they respond.
  • Deleted credentials – If you removed a passkey from your password manager, simply register a new one. Old keys will fail gracefully.

Privacy & security

Passkeys resist phishing, credential stuffing, and keylogging because there is nothing to steal. Your biometric data never leaves the device—it merely unlocks the local private key so it can complete the challenge we send.

Need help with a specific device?

Send us the browser, device model, and any error text via the contact form. We will walk you through enabling platform authenticators or hardware keys.

Previous
List navigation
Next
Common questions