What is a Passkey?
A passkey is a digital key stored in a secure chip on your device (like a phone or computer). It's a more secure and simpler way to log into your accounts. You can use your device's biometrics (fingerprint or facial recognition) to authorize logins, eliminating the need to remember or enter complex passwords or mnemonic phrases.
Here’s how it works:
- My account is protected by my device, unlocked with my face or fingerprint.
- It is resistant to phishing attacks.
- It is securely stored in my Apple/Google account or password manager.
- It automatically syncs to my other devices (syncing must be enabled).
- It is end-to-end encrypted, so only I can access it.
Wave Goodbye to Old-School Hassles
Passkeys combine the easy recoverability of traditional passwords with the strong security of crypto wallet private keys, while avoiding the drawbacks of both.
| Feature Comparison | Web2 Account Passwords | Web3 Mnemonic Phrases | Passkeys |
| Security Risk | Easily stolen, forgotten, or phished | Prone to physical loss, theft, or damage; places high security responsibility on the user | Resistant to phishing and web attacks from the ground up |
| User Experience | Requires frequent typing and heavy memorization | Primarily used for account recovery; requires high security standards for storage | One-touch access, seamless login |
| Recovery Method | Cumbersome "Forgot Password" process, vulnerable to exploitation | Permanent loss if mnemonic phrase is lost | Can be securely recovered via personal cloud account (Apple / Google / password manager) |
Advantages of Passkeys
Secure Your Accounts: No More Phishing or Leaks
Passkeys are stored in your device's secure chip, inaccessible even to Apple or Google. They can only be used with your biometric authentication or PIN, significantly reducing the risk of unauthorized access. Passkeys are cryptographically tied to the specific domain of an app. This means they cannot be used on fake websites, effectively preventing phishing. Even if you visit a malicious phishing site, hackers cannot steal your passkey.
Easy to Use: Convenience at Your Fingertips
Forget complicated rules like "at least 8 characters, including uppercase, lowercase, and special symbols." Logging in with a passkey is as simple as unlocking your phone. Whether creating a wallet or making daily transactions, a single fingerprint or facial scan is all you need to log in securely..
In Control: Your Assets, Your Way
Your passkeys are automatically encrypted and securely synced to your Apple / Google account or a professional password manager like 1Password. Even if your device is lost or damaged, you can seamlessly recover your wallet and all your assets simply by logging into the same account on a new device.
FAQ
Q: How do I enable passkeys on my iPhone?
A: To set up passkeys on iOS, ensure your device is updated to iOS 16 or later, enable iCloud Keychain and two-factor authentication. Then, follow the prompts to create or add a passkey, and use biometric authentication for setup and subsequent logins. During account creation, you can also use another phone with a camera or an external security key to store the passkey.
Q: How do I enable passkeys on my Android phone?
A: To set up passkeys on an Android phone, ensure your device is updated to Android 9 or later, enable a password manager, and activate 2FA. Some phone manufacturers also offer similar password management services; please follow their instructions for setup. During account creation, you can also use another phone with a camera or an external security key to store the passkey.
Note: Some Android models (e.g. from Huawei, Xiaomi, Vivo, OPPO) do not support passkeys and therefore cannot be used to create an AA account on imToken Web. Please check with your phone manufacturer for details.
Q: Can I delete a passkey?
A: It’s generally not recommended. Only delete a passkey once you’ve confirmed it’s no longer in use and all assets have been transferred. Once a passkey is deleted, the associated account cannot be recovered.
Q: If my device is lost or damaged, are my assets gone forever?
A: No. Your passkeys are doubly protected: they are locked to your device's hardware and securely synced via a backup mechanism to your Apple or Google account (ensure syncing is enabled).
To regain access to your wallet on a new device:
- Log in with the same Apple ID or Google account you used when creating the wallet.
- Go to https://web.token.im/ and select "Sign in with passkey."
- Verify your identity with your fingerprint or Face ID.
Q: Why should I use a passkey to create an account?
A: Creating an account with a passkey is more secure than traditional account passwords and more convenient than mnemonic phrase wallets.
Q: Can the private key of a passkey account be exported?
A: No. The account’s private key is securely stored inside a dedicated security chip on your device, which is designed to prevent any tampering or extraction.
Unlike traditional wallets that require you to back up a seed phrase, the passkey security model is built on the principle that the key never leaves the device’s secure hardware — fundamentally eliminating the risk of exposure or loss.