Passkey & Two-factor authentication
Passkeys represent the next generation of secure logins, building on open standards like FIDO2 and WebAuthn. Instead of typing a password and then confirming your identity with an SMS code or a separate authenticator app, passkeys offer a seamless, phishing-resistant, and device-based method to prove who you are. By tying authentication to public-key cryptography, passkeys let you securely verify your identity with a private key stored on your device (for example, within a secure hardware chip). This private key never leaves your device, drastically reducing the risk of credential theft or interception.
Why Passkeys Are More Secure Than Traditional 2FA
Phishing Resistance
Traditional 2FA methods—like SMS or one-time codes—can be intercepted by attackers through phishing sites or social engineering scams. Passkeys, however, use cryptographic challenges that cannot be replayed. Because there’s no shared secret to steal or code to intercept, phishing attempts are largely neutralized.
Device-Based Authentication
Passkeys are generated and stored in secure enclaves on your devices, such as the Secure Element on smartphones or Hardware Security Modules (HSMs). This ensures that the private key cannot be exported or shared. Even if an attacker obtains your device, they typically can’t unlock your passkeys without your biometric or PIN.
Elimination of Password Vulnerabilities
Passkeys remove the weakest link: passwords. There is no risk of password reuse, weak passwords, or password databases being compromised. Instead, each service gets a unique cryptographic key pair, making credential-stuffing and brute-force attacks effectively impossible.
Easier User Experience
With passkeys, users don’t need to memorize complex passwords or juggle one-time tokens. A quick biometric scan or secure device unlock method suffices—leading to both improved security and user convenience.
Skipping the Password Entirely
Instead of typing a password at all, you can log in using a passkey alone. During sign-up or first-time setup, you create a passkey on your trusted device. After that, whenever you need to log into the service, you simply verify yourself on that device (via fingerprint, face scan, or device PIN) and the secure hardware handles the rest behind the scenes.
This eliminates the need for any password while still maintaining (and even exceeding) the security expected from two-factor methods.
🔑 Passkey Authentication
We highly recommend all users enable Passkey login for enhanced security and seamless access. To enable passkey authentication:
- Log in to your account.
- Navigate to Profile Settings.
- Click the Add a Passkey button and follow the setup instructions.
Passkeys provide stronger security than traditional passwords by utilizing device-based authentication, reducing the risk of phishing and unauthorized access.
Important Note:
Once enabled, you can log in only with your passkey, without entering a password.
Passkey Recovery
Accidentally Deleted Your Passkey?
If you have accidentally deleted your passkey, check your password manager on Windows or Mac for recently deleted passkeys. Normally, they remain available for recovery for up to 30 days.
🛠 Administrator Assistance
If you cannot recover your passkey, ask your administrator to remove the passkey from your account:
- Navigate to Team and Security.
- Click Disable Passkey to remove the passkey associated with your account.
If the Administrator Lost Their Passkey
- Another admin can reset the lost passkey.
- If all administrators lose their passkeys, you must contact support to book a video meeting for a full account reset. This process involves extensive identity verification for the administrator.
- If you have enabled ultra strong encryption and lose all your passkeys, all your data will be lost in a full account reset.