logo
SecurityPasskeys

Passkeys

How to set up and use passkeys (FIDO2/WebAuthn) for secure, phishing-resistant login to Forbidden Finance.

Overview

Passkeys are the most secure and convenient way to protect your Forbidden Finance account. A passkey uses your device's built-in biometrics -- Face ID, Touch ID, fingerprint, or Windows Hello -- to verify your identity. Unlike passwords, passkeys cannot be phished, guessed, or leaked in a data breach. They are stored securely on your device and never sent over the network.

Forbidden Finance recommends passkeys as your primary authentication method. You can use a passkey as a second factor alongside your password, or as a standalone sign-in method that replaces your password entirely.

How Passkeys Work

When you create a passkey, your device generates a unique cryptographic key pair. The private key stays on your device (protected by your biometrics), and a corresponding public key is stored with your Forbidden Finance account. During login, your device proves it holds the private key without ever transmitting it. This makes passkeys immune to phishing attacks -- even if someone creates a fake login page, the passkey only works with the real Forbidden Finance app.

How to Set Up a Passkey

Open Security Settings

Go to Settings > Security > Passkeys in the Forbidden Finance app.

Tap Add Passkey

Tap Add Passkey. Your device's biometric prompt appears.

Authenticate with your device

Use Face ID, Touch ID, fingerprint, or Windows Hello to confirm. If your device does not support biometrics, you may be prompted for your device PIN instead.

Name your passkey (optional)

Give the passkey a recognizable name, such as "iPhone 15" or "Work Laptop." This helps you identify which device a passkey belongs to if you have multiple.

Your passkey is now active. You can use it immediately on your next login.

How to Sign In with a Passkey

Open Forbidden Finance

Open the app or navigate to the web app login screen.

Tap Sign in with Passkey

Instead of entering your password, tap the Sign in with Passkey option.

Authenticate with your device

Complete the biometric prompt (Face ID, Touch ID, fingerprint, or Windows Hello). You are signed in immediately.

Supported Platforms

PlatformBiometric MethodSync
iPhone (iOS 16+)Face ID or Touch IDiCloud Keychain
Android (9+)Fingerprint or face unlockGoogle Password Manager
macOS (Ventura+)Touch ID or device passwordiCloud Keychain
Windows (10+)Windows Hello (face, fingerprint, or PIN)Microsoft account
Chrome, Safari, Edge, FirefoxDepends on OSDepends on OS

Managing Your Passkeys

Go to Settings > Security > Passkeys to see all passkeys linked to your account. From this screen you can:

  • View the name, creation date, and last-used date for each passkey
  • Rename a passkey to keep your list organized
  • Remove a passkey you no longer use or that belongs to a lost device
If you remove all passkeys and do not have an authenticator app set up, your account falls back to password-only login. We recommend always having at least one MFA method active.

Tips

Set up passkeys on every device you use regularly. If your devices share an ecosystem (Apple, Google, or Microsoft), passkeys may sync automatically, so you might only need to create one.
If you travel frequently, consider keeping a passkey on your phone and a separate one on a hardware security key as a backup.
Passkeys work even without an internet connection for the biometric verification step. The connection is only needed to complete the login handshake with the server.

Frequently Asked Questions

Are passkeys safer than passwords?

Yes. Passkeys cannot be phished, reused across sites, or leaked in a database breach. They are the industry gold standard for authentication security, backed by the FIDO Alliance and supported by Apple, Google, and Microsoft.

What if my device does not support biometrics?

You can still create a passkey using your device's PIN or screen lock. The security benefit of passkeys comes from the cryptographic key pair, not just the biometric step.

Can I use a passkey on multiple devices?

If your devices share the same ecosystem (for example, multiple Apple devices with iCloud Keychain), the passkey syncs automatically. Otherwise, create a separate passkey on each device.

What happens if I lose the device with my passkey?

If your passkey is synced through iCloud Keychain or Google Password Manager, it is available on your other devices. If the passkey was only on the lost device, sign in with your password and authenticator app, then remove the old passkey and create a new one. If you are locked out entirely, contact support at support@403fin.io.

Can I use a passkey and an authenticator app at the same time?

Yes. You can have both set up. When you log in with your password, you choose which second factor to use. Or you can bypass the password entirely by choosing the passkey sign-in option.

Do passkeys work on the web app?

Yes. Passkeys work in Chrome, Safari, Edge, and Firefox on both desktop and mobile browsers, as long as your operating system supports WebAuthn.

Authenticator App (TOTP)

Alternative MFA with 6-digit codes.

Biometric Unlock

Device-level unlock after app resume.

Session Management

View and revoke active login sessions.

Login Problems

Troubleshoot passkey and login issues.

Need more help? Contact us at support@403fin.io.

Was this page helpful?

Last updated today

Built with Documentation.AI