MFA-Passkeys (FIDO2 / WebAuthn)

Scope

This section explains how to use Passkeys (FIDO2 / WebAuthn) as a Multi-Factor Authentication (MFA) method, including:

  • What passkeys are and how they work

  • How to set up a passkey

  • How passkey verification works during sign-in

Passkeys are a passwordless, phishing-resistant authentication method that uses your device’s built-in security (biometrics or screen lock).


I am new. Where should I start?

If you want the highest level of account security with the simplest user experience, passkeys are the recommended option.

Passkeys allow you to:

  • Sign in using biometrics (Face ID, Touch ID, Windows Hello)

  • Or your device PIN / screen lock

  • Avoid typing one-time codes or passwords during verification

Passkeys are supported on:

  • Modern browsers (Chrome, Safari, Edge, Firefox)

  • iOS, Android, macOS, Windows devices


Purpose

Passkeys provide strong, phishing-resistant authentication by:

  • Eliminating shared secrets (no codes to steal)

  • Binding authentication to a specific device

  • Leveraging FIDO2 / WebAuthn standards

This significantly reduces risks from:

  • Phishing attacks

  • Credential reuse

  • Man-in-the-middle attacks


Prerequisites

Before setting up a passkey, make sure that:

  • You have created your account and are signed in

  • Multi-Factor Authentication (MFA) is enabled

  • Your device supports:

    • Biometrics (Face ID, Touch ID, fingerprint), or

    • Secure screen lock (PIN / pattern)

  • You are using a supported browser


I already understand. How do I proceed step by step?

Step 1: Enable Multi-Factor Authentication

  1. Go to Account → Security

  2. Turn on Multi-Factor Authentication

⚠️ Email verification is automatically enabled when MFA is turned on. Passkeys are added as an additional verification method.


Step 2: Set up passkey

  1. Go to Security → Multi-Factor Authentication

  2. Select Passkey

  3. Click Set up passkey

  4. Click Create passkey


Step 3: Verify your identity on device

  1. Click Continue

  2. Follow the on-screen instructions provided by your device:

    • Face ID / Touch ID

    • Device PIN or screen lock

🔐 Your private key is securely stored on your device and never shared.


Step 4: Passkey created successfully

Once verified:

  • Your passkey is registered

  • MFA using passkey is now active


Sign-in flow with passkey

When signing in with a passkey enabled:

  1. Enter your email and password

  2. Passkey is selected as the default verification method

  3. Click Continue

  4. Verify your identity using a registered passkey

✅ Sign-in completes automatically after successful verification.


Security notes

  • Passkeys are phishing-resistant

  • No verification codes are generated or transmitted

  • Private keys never leave your device

  • Each passkey is bound to a specific device

  • You can remove a passkey from Security settings at any time


Troubleshooting

Device lost or replaced?

  • Use Email MFA or Authenticator App (if enabled)

  • Register a new passkey on your new device

Passkey not available?

  • Ensure your browser and OS are up to date

  • Make sure device lock or biometrics are enabled


Summary

Item               Description
-----------------  ---------------------------------------
MFA method         Passkeys (FIDO2 / WebAuthn)
Verification type  Biometrics / Device lock
Used during        Sign-in after password
Internet required  No (after initial setup)
Security level     Very high
Best for           Passwordless-like, high-security access
