Skip to main content
Loading...

Help Center

Everything you need to know about using Renewly

Passkeys

Passkeys let you sign in with your device's built-in biometrics or a hardware security key - no email link or code required. They are faster than magic links and more phishing-resistant than any other sign-in method.

What is a passkey?

A passkey is a cryptographic credential stored on your device. When you sign in, your device proves who you are using a private key that never leaves it. Renewly verifies you without ever receiving a secret - there is nothing for an attacker to steal from our end.

Passkeys work with:

  • Touch ID - MacBook fingerprint sensor, iPhone, iPad
  • Face ID - iPhone X and later, some iPads
  • Windows Hello - face, fingerprint, or PIN on Windows 10/11
  • Android biometrics - fingerprint or face unlock
  • Hardware security keys - YubiKey, Google Titan, or any FIDO2 key

Passkeys are optional

You can always sign in with a magic link or a connected provider (Google, GitHub, Microsoft) even if you have passkeys enrolled. Passkeys are an additional convenience, not a requirement.

Enrolling a passkey

  1. Sign in to Renewly normally (magic link or a provider)
  2. Go to Settings → Security
  3. Under "Passkeys" click Add passkey
  4. Your browser or OS will prompt you to verify with biometrics or your security key
  5. Give the passkey a name (for example "MacBook Pro" or "YubiKey 5")
  6. Click Save

You can enroll as many passkeys as you like - one per device is the typical setup.

Name each passkey after the device it is on so you can identify them later. "Work MacBook" is more useful than "My passkey" when you need to revoke one.

Signing in with a passkey

On the sign-in page, if your device or browser supports passkeys, you will see a Sign in with a passkey button below the provider buttons. Click it and your device will prompt you for biometrics or your security key.

The button only appears if your current browser and device have passkey support. If you do not see it, use a magic link instead and enroll a passkey from Settings afterward.

Passkeys and two-factor authentication

Passkeys are inherently two-factor: they combine something you have (the device holding the key) with something you are (your biometric) or something you know (your device PIN). Because of this, a passkey sign-in satisfies the AAL2 requirement on its own - you will not be prompted for a TOTP code after a passkey login even if you have 2FA enabled.

If you prefer to keep 2FA enabled as a belt-and-suspenders measure for magic-link and OAuth sign-ins, that is fine. It applies only to those paths.

Managing passkeys

All your enrolled passkeys are listed at Settings → Security → Passkeys. Each entry shows:

  • The passkey name you gave it
  • Device type (platform authenticator or roaming/hardware key)
  • When it was created
  • When it was last used
  • Whether the credential is backed up to the cloud (iCloud Keychain, Google Password Manager, etc.)

Renaming a passkey

  1. Go to Settings → Security
  2. Find the passkey in the list
  3. Click the pencil icon next to its name
  4. Enter a new name and save

Revoking a passkey

  1. Go to Settings → Security
  2. Find the passkey you want to remove
  3. Click Revoke and confirm

Revoking a passkey removes it from Renewly immediately. Sign-in attempts using that credential will fail from then on. The credential may still exist on the device that created it - delete it from your device's password or key manager separately if needed.

Last passkey protection

If a passkey is your only remaining sign-in method, Renewly will not allow you to revoke it. Connect a provider (Google, GitHub, or Microsoft) or request a magic link first so you keep a way in.

Passkeys across devices

Whether a passkey works across your devices depends on your platform:

  • Apple devices - passkeys created on iPhone or Mac sync via iCloud Keychain across all your Apple devices signed into the same Apple ID.
  • Android devices - passkeys sync via Google Password Manager across your Android devices.
  • Windows - Windows Hello passkeys are tied to that device. Use a hardware security key for cross-device portability.
  • Hardware security keys - work on any device the key is plugged into. They do not sync but are always with you if you carry the key.

The easiest multi-device setup: enroll a passkey on each device you regularly use, giving each one a descriptive name.

Lost device or locked out

If you lose a device that held a passkey:

  1. Sign in using a magic link or another provider
  2. Go to Settings → Security → Passkeys
  3. Revoke the passkey associated with the lost device

If you cannot sign in at all because you only had passkeys and your devices are unavailable, contact support@renewly.gg for account recovery assistance.

Browser support

Passkeys are supported in:

  • Safari 16+ on macOS 13+ and iOS 16+
  • Chrome 108+ on Windows, macOS, Android, and ChromeOS
  • Firefox 122+ on Windows and macOS
  • Edge 108+ on Windows and macOS

If your browser does not support passkeys, the sign-in button will not appear. Use a magic link or a provider instead.

For a full guide to account security settings including 2FA and session management, see Account Settings - Security.