Secure Your Account
How to set up passkeys, authenticator app MFA, and biometric unlock to protect your Forbidden Finance account.
Overview
After creating your account, the next step is to add extra security. Forbidden Finance supports passkeys, authenticator apps (TOTP), hardware security keys, and biometric unlock. We recommend setting up at least one additional authentication method right away so your account stays protected even if your password is compromised.
Passkeys are the recommended option. They are phishing-resistant, work with the biometrics already built into your device, and make signing in faster than typing a password.
How to Set Up Passkeys (Recommended)
1. Open Security Settings. Go to Settings > Security > Passkeys in the app.
2. Tap Add Passkey. Your device prompts you to authenticate using Face ID, Touch ID, fingerprint, or Windows Hello, depending on your platform.
3. Confirm the passkey. Complete the biometric or PIN prompt. The passkey is saved to your device and linked to your Forbidden Finance account.
Once set up, you can use your passkey either as a second factor during login or as a standalone sign-in method (no password needed).
How to Set Up an Authenticator App (TOTP)
1. Open Security Settings. Go to Settings > Security > Authenticator App.
2. Scan the QR code. Open your authenticator app (such as Google Authenticator, Authy, or 1Password) and scan the QR code displayed on screen.
3. Enter the 6-digit code. Type the 6-digit code from your authenticator app to verify the setup.
After setup, you enter a code from your authenticator app each time you log in with your password.
How to Enable Biometric Unlock
1. Open Security Settings. Go to Settings > Security > Biometric Unlock.
2. Toggle it on. Enable the biometric unlock toggle. Your device prompts you to confirm with Face ID, Touch ID, or fingerprint.
Biometric unlock is an app-level convenience feature, not a replacement for your login credentials. It triggers when you return to the app after it has been in the background, so you do not have to re-enter your password every time you switch apps. You still need your password (or passkey) to log in from a new device or after a session expires.
Key Details
| Method | Type | When It Is Used |
|---|---|---|
| Passkey | Phishing-resistant MFA or passwordless login | During login, can replace password |
| Authenticator app (TOTP) | 6-digit code MFA | During login, after password |
| Hardware security key (U2F) | Physical key MFA | During login, after password |
| Biometric unlock | App-level convenience | When resuming the app from background |
Tips
Frequently Asked Questions
Do I need both a passkey and an authenticator app?
No. Either one provides strong protection. A passkey is our top recommendation because it is phishing-resistant and faster to use. You can set up both if you want a backup option.
What devices support passkeys?
Passkeys work on iPhones with iOS 16 or later, Android devices with Android 9 or later, and desktop browsers that support WebAuthn (Chrome, Safari, Edge, Firefox). They use your device's built-in biometrics like Face ID, Touch ID, or Windows Hello.
What happens if I lose my phone?
If you have a passkey synced through your device ecosystem (iCloud Keychain, Google Password Manager), it is available on your other devices. If you used only a single device, contact support at support@403fin.io to regain access.
Can I remove a passkey later?
Yes. Go to Settings > Security > Passkeys to view and remove any passkey linked to your account.
Related Articles
Passkeys: Full guide to passkey setup and usage.
Authenticator App (TOTP): Detailed authenticator app setup.
Biometric Unlock: How biometric unlock works on each platform.
Session Management: Manage active sessions and timeouts.
Need more help? Contact us at support@403fin.io.
Last updated today