Passkeys

Passkeys are the most secure and convenient way to authenticate to Vigil.

What Are Passkeys?

Passkeys use WebAuthn, a modern web standard for authentication:

• Phishing-resistant - Can't be tricked into entering credentials on fake sites
• No passwords - Nothing to remember or steal
• Biometric or hardware - Face ID, Touch ID, or security keys
• Cross-platform - Sync via iCloud, Google Password Manager, etc.

How Passkeys Work

1. You initiate login
         │
         ▼
2. Vigil requests passkey challenge
         │
         ▼
3. Your device prompts for biometric/PIN
         │
         ▼
4. Device signs challenge with private key
         │
         ▼
5. Vigil verifies signature
         │
         ▼
6. You're logged in

Creating a Passkey

During Registration

1. Sign up with email
2. Choose "Create Passkey"
3. Follow device prompts (Face ID, Touch ID, etc.)
4. Passkey created

Adding to Existing Account

1. Go to Account → Security → Passkeys
2. Click Add Passkey
3. Enter a friendly name (e.g., "iPhone", "MacBook")
4. Authenticate with device
5. Passkey registered

Platform Support

Desktop

Platform	Method
macOS	Touch ID, security key
Windows	Windows Hello, security key
Linux	Security key

Mobile

Platform	Method
iOS/iPadOS	Face ID, Touch ID
Android	Fingerprint, face unlock

Passkey Managers

Passkeys can sync across devices:

• iCloud Keychain (Apple devices)
• Google Password Manager (Chrome/Android)
• 1Password, Bitwarden (cross-platform)

Using Passkeys

To Log In

1. Go to login page
2. Click your email or "Use Passkey"
3. Authenticate with biometric/PIN
4. Logged in

As Second Factor

If you have email+password:

1. Enter email and password
2. Verify with passkey
3. Logged in

Managing Passkeys

Viewing Passkeys

1. Go to Account → Security → Passkeys
2. See all registered passkeys
3. View:
4. Friendly name
5. Created date
6. Last used

Renaming Passkeys

1. Click edit icon on passkey
2. Enter new name
3. Save

Removing Passkeys

1. Click delete icon
2. Confirm removal
3. Passkey invalidated

Keep at Least One Method

Don't remove your last passkey unless you have another authentication method or recovery codes.

Best Practices

Multiple Passkeys

Register passkeys on multiple devices:

Primary Device:
  └── iPhone passkey (Face ID)

Backup Devices:
  ├── MacBook passkey (Touch ID)
  └── YubiKey (hardware key)

Hardware Security Keys

For maximum security, use a hardware key:

• YubiKey - USB/NFC keys
• Titan Security Key - Google keys
• SoloKeys - Open-source keys

Passkey Backup

Ensure you won't lose access:

• Use passkey manager with cloud sync
• Register multiple passkeys
• Keep recovery codes as backup

Troubleshooting

"Passkey Not Recognized"

Solutions: - Ensure browser supports WebAuthn - Update browser to latest version - Try different browser

"This Device Doesn't Support Passkeys"

Solutions: - Use security key instead - Use different device - Fallback to email+password

Lost Passkey Device

1. Log in with another passkey or recovery code
2. Remove lost device's passkey
3. Register new passkey

---

Next: Recovery Codes →