How to Create and Use a Passkey for Secure Authentication


Passkeys represent a modern approach to authentication, moving beyond traditional passwords. They offer a more secure and convenient way to access your accounts. This guide explains what they are and provides a clear, step-by-step process for setting them up.

What Is a Passkey?

A passkey is a passwordless authentication method based on the FIDO (Fast Identity Online) standard. It allows you to log in to supported services without entering a password or waiting for a verification code. Instead, it uses cryptographic keys stored on your device to prove your identity, making it one of the most secure options available for protecting your account.

Once you activate a passkey, at least one passkey must always remain linked to your account. You can reset an existing passkey or add a new one, but you cannot remove all of them, so the account is never left without passkey authentication.

The exact verification method depends on your device and platform. A passkey can be created using your phone's built-in biometric sensors (like Fingerprint Unlock or Face ID), a physical USB security key, or even from another trusted device. You will be guided through the specific steps during the setup process.
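The key-based login described in this section can be simulated end to end. The following is an added example, not code from the original guide or from any platform it describes: a simplified WebAuthn-style check in Node.js showing why a response produced on a look-alike site, or replayed later, is rejected by the real service. The `.test` host names, function names and result labels are assumptions made for the illustration, and a real authenticator would additionally refuse to use the credential for a site outside its registered RP ID.

```javascript
// Added example (not from the original guide): passkey login check, simulated.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Device side: the key pair is created at registration; the private key stays here.
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { rpId, publicKey, privateKey };
}

// Browser + authenticator: the browser, not the page, records the origin it is on.
function signAssertion(passkey, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // Authenticator data: SHA-256(RP ID) | flags (0x05 = user present + verified) | counter
  const authData = Buffer.concat([sha256(passkey.rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, passkey.privateKey) };
}

// Service side: holds only the public key and the challenge it issued for this login.
function verifyAssertion(server, assertion, expectedChallenge) {
  const client = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong-type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'stale-challenge';
  if (client.origin !== server.origin) return 'wrong-origin';
  if (!assertion.authData.subarray(0, 32).equals(sha256(server.rpId))) return 'wrong-rp';
  if ((assertion.authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, server.publicKey, assertion.signature)
    ? 'ok' : 'bad-signature';
}

// Constructed scenario; the .test host names are placeholders.
function demo() {
  const server = { rpId: 'accounts.example.test', origin: 'https://accounts.example.test' };
  const passkey = createPasskey(server.rpId);
  server.publicKey = passkey.publicKey;            // registration: public key only
  const challenge = crypto.randomBytes(32);        // fresh per login attempt
  const genuine = signAssertion(passkey, server.origin, challenge);
  const relayed = signAssertion(passkey, 'https://accounts-example.test', challenge);
  const rewritten = { ...relayed, clientDataJSON: genuine.clientDataJSON };
  return {
    genuine: verifyAssertion(server, genuine, challenge),
    relayed: verifyAssertion(server, relayed, challenge),
    rewritten: verifyAssertion(server, rewritten, challenge),
    replayed: verifyAssertion(server, genuine, crypto.randomBytes(32)),
  };
}
console.log(demo());
```

The `rewritten` case shows that editing the recorded origin after signing does not help, because the signature covers the hash of the client data.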

Prerequisites for Creating a Passkey

Before you begin, ensure you have one of the following:

Step-by-Step Guide to Creating a Passkey

Follow these instructions to set up your new passkey.

  1. Open your application and navigate to the menu. Select Profile and Settings. You can typically find the menu icon in the top-left corner of the screen.
  2. Locate the Security section within the User Center. From there, find and enter the Security Center.
  3. Inside the Security Center, look for and select the Passkey option.
  4. Choose Enable to begin the process. You will be asked to complete a security verification, which may involve your existing two-factor authentication (2FA) method.
  5. You will then be presented with a choice for how to create your passkey.

Option A: Create a Passkey on Your Current Device

Option B: Create a Passkey on a Different Device


How to Verify Using a Passkey

After successfully enabling a passkey, you can use it for verification.

Verification on Your Current Device

When logging in on a device that has a recognized passkey, you will be automatically prompted to use it for verification. Simply authenticate using your biometrics or device PIN.

Verification Using a Different Device

If you are logging in on a new device or browser without your passkey, follow these steps:

  1. You will be prompted to use your passkey. Select Other login options.
  2. Choose iPhone, iPad, or Android device and then select Continue to generate a QR code.
  3. Use the camera on the device where your passkey is stored (e.g., your primary phone) to scan the QR code. This will securely transfer the login request to your other device for approval.

Managing Your Passkeys: Reset and Delete

You can manage your registered passkeys by going to Menu > Profile and Settings > Security > Security Center > Passkey.

Resetting a Passkey

Resetting a passkey allows you to replace an existing one with a new passkey, which is useful if you get a new phone or lose a security key. If your account only has one passkey linked, Reset will be your only option to maintain the required security level.

Steps to reset a passkey:

  1. Navigate to the Passkey management screen as described above.
  2. Select the specific passkey you want to reset and complete the security verification process.
  3. Follow the prompts to create a new passkey, replacing the old one. In some cases, additional verification may be required, which could take up to 24 hours. You will be notified once the process is complete.

Deleting a Passkey

You can only delete a passkey if your account has more than one passkey registered. This ensures your account always has at least one method of passkey authentication. The maximum number of passkeys per account is typically 10; you must delete one before adding a new one if you reach this limit.

Steps to delete a passkey:

  1. From the management screen, select the passkey you wish to remove.
  2. Complete the security steps to confirm the deletion request.

Important Security Note: Deleting a passkey, especially one stored on a lost or stolen device, is a good security practice. However, removing a trusted device may reduce your account's security flexibility. Always consider the risks before proceeding.

Security Notice: 24-Hour Withdrawal Restriction

For your protection, the platform may activate a 24-hour restriction on withdrawal transactions and P2P trading after you reset or delete a passkey. This cool-down period helps prevent unauthorized account changes.

Frequently Asked Questions

What happens if I lose the device that has my passkey?
If you lose your phone or security key, you should immediately use another registered passkey (if you have one) or your other 2FA methods to log in and reset the lost passkey. The 24-hour security restriction will help protect your funds during this process.

Can I use the same passkey on multiple devices?
Some credential managers, like iCloud Keychain and Google Password Manager, allow for the secure syncing of passkeys across your signed-in devices. Otherwise, you typically need to register each device individually as a new passkey.

Are passkeys more secure than SMS-based 2FA?
Yes, significantly. Passkeys are resistant to phishing attacks and SIM-swapping scams, which are common vulnerabilities for SMS codes. They use public-key cryptography, meaning your private key never leaves your device.

What if the website or app I used a passkey for goes offline?
Your passkeys are stored on your personal devices, not the service's server, which holds only the matching public key. You can still use them for authentication as long as you have access to your device and the service is online. However, you cannot create new logins for a defunct service.

Can I use a passkey on a public or shared computer?
It is not recommended to create a passkey on a public computer. However, you can log in to a service on a public computer by using the "Other login options" and scanning a QR code with your personal mobile device that has the passkey.

Do I still need a password if I have a passkey?
For accounts that fully support passkeys, you can often configure the account so that login no longer requires a password, with the passkey as the primary authentication method. You will still likely need a password for certain account management tasks.