Skip to main content

How to Create a Passkey? (App)

  • Updated

What are passkeys?

BloFin now supports Fast Identity Online (FIDO) passkeys as a two-factor authentication method. Passkeys allow you to enjoy password-free login and withdraw without the need for verification codes while being the most secure option to protect your account.
Learn more about FIDO at: https://fidoalliance.org/fido2/
Note:
"App lock" and "Passkey" are two different concepts that vary in terms of application security and access control. "App lock" is a security feature at the application level, protecting access to BloFin. On the other hand, "Passkey" is a security measure used for authentication during login or withdrawal submissions.
If you want to use YubiKey or biometric authentication for login and withdrawals, please follow an additional step. The information associated with app lock will not be utilized for identity verification in these cases.
 

Create a passkey

1. Before you create a passkey, make sure you have at least:
  • A mobile device with iOS 16.0.0+ or Android 9.0+ or above
  • A USB security key that supports the FIDO2 protocol
  • Update your BloFin APP to the latest version
2. Log in your BloFin account, click the [Account] button on the home page and select [Account & Security].
 
passkey 1.png     passkey 2.png
 
3. Find the [Passkeys] in Account & Security.
 
passkey 3.png
 
4. Select [Add Passkeys] and complete the security verification.



If your account is linked to just one of either a mobile number or email address, a pop-up prompt will remind you to bind at least two security items in your account. Click [Enable] to be redirected to the security page and complete the process.

Note: to secure your assets, link any two of the following: mobile number, email address, or Google Authenticator.
 
   

After you've completed your account security setup by binding at least two security items to your account, click [Add passkey] again and complete the verification to continue creating your passkey.
 
   
 
5. If you want to create your passkey with your current device, select [Continue] and complete the biometric authentication/PIN code on your device.
 
passkey 6.png 
 
6. If you want to create your passkey on a different device, select Other Options.
  • Select iPhone, iPad, or Android device and then use the other device to scan the QR code and complete the authentication.

passkey 7.png
 passkey 8.jpeg
passkey 9.png

  • Select Security key (only available on iOS devices), and then insert your security key and follow the instructions to create your passkey.
    Note: To add a YubiKey to the passkey, you must first set a PIN for it. Please visit our website to add the YubiKey or set the FIDO2 PIN using the YubiKey Manager app.

passkey 10.jpeg   passkey 11.jpeg

Notes:  When you add two or more passkeys in your account, it requires to verify with one of created passkeys or switch to other authentication methods to complete the verification process.


Verify with passkey

Passkey verification is currently conducted during both the login and withdraw processes. Once you have enabled the passkey feature, here is the process to verify it during the login flow:


Verify with your current device

1. Log in to your account.
2. You'll be prompted to use passkey to sign in directly.
 
passkey 12.png
 
3. Or you can close the window and select login with password to sign in.
 

Verify with another device (Only available on iOS devices)

1. Log in to your account.
2. You'll be prompted to use passkey to sign in and select Other Sign In Options.
 
passkey 13.png
 
3. Select iPhone, iPad, or Android device and select Continue to get a QR code.
4. Use your other device to scan the QR code to sign in to BloFin.
 

Rename passkey

You can go to menu > Profile > Account & Security > Passkeys to rename your passkey to help you identify the passkey easily.

passkey 14.png

Remove your passkey

To remove a passkey, tap the [Delete] icon, verify your current passkey or switch other authentication methods to complete the security verification. The passkey is deleted successfully.

passykey 15.png

 

Notes: 
1. To secure your assets, ensure you link two of the following security settings in advance: mobile number, email address, or Google Authenticator.
2. If you happen to exceed the limit of 10 passkeys for your account, you can remove any unused passkeys.
3. In the process of adding or removing a passkey, you need to verify your passkey or switch to other authentication methods to complete the verification process.
4. Removing your passkeys may potentially lower the security level of your account or device. It is highly recommended to consider the associated risks before proceeding.

Related articles