Passkeys (passkey)
Sign in with biometric or hardware-key — no password retyping needed.
Overview
Passkeys are a phishing-resistant sign-in method. Your fingerprint, face, or hardware key authenticates you — no password to phish, no code to type. Use one or both alongside a TOTP authenticator.
Prerequisites
- A device or hardware key supporting passkey — Touch ID/Face ID Mac, Windows Hello, YubiKey, etc.
- Active sign-in
Steps
Open Security settings. Avatar → My Profile → Security.
Click "Set up passkey". Browser prompts to use available authenticators.
Choose the method. Built-in biometric (Touch ID/Face ID), security key (YubiKey), or platform-managed (e.g. iCloud Keychain).
Authenticate. Touch ID, face scan, or tap the security key.
Name the passkey. "MacBook Touch ID", "Office YubiKey", "Personal phone".
Save. Passkey enrolled.
Sign in with passkey. Sign out, then on the sign-in page click Sign in with passkey. Browser prompts; biometric/key authenticates.
Manage passkeys. Settings → Security → Passkeys lists every passkey. Remove ones you no longer use.
Expected outcome
- A new Passkey entry exists per device, linked to your user
- Sign-in works without typing password (passkey alone, or as a 2FA factor)
- Removed passkeys can no longer authenticate
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| Browser doesn't prompt | Browser doesn't support passkey | Use Chrome, Edge, Firefox, or Safari (current version) |
| Passkey enrolment fails | OS-level blocker | Allow browser keychain access in OS settings |
| Sign in with passkey fails | Device biometric not configured | Set up Touch ID/Face ID in OS first |
| Can't add cross-device passkey | Some browsers/OS combos | Use a hardware key if your platform doesn't support cross-device |
| Want to use a passkey on a new computer | Cross-device or set up new | Cross-device with QR available on most platforms |