Passkeys are a passwordless method of signing into an account on a website or app. Instead of signing in to an account with a username and password, passkeys allow you to approve the sign-in using the same PIN, biometrics, or password that is set on your device.
Passkeys are considered more secure than passwords because they are cryptographic key pairs that are bound to a specific domain. This reduces the risk of phishing, as there is no password used and the passkey cannot be used on a fake website. Since there is no password to remember, this also allows for faster sign-ins and helps you avoid password reuse.
Fastmail is introducing passkeys as an alternate login mechanism — your Fastmail username and password will continue to work after a passkey has been created in your account.
This help page will cover how you can use passkeys with your Fastmail account. If you'd like to learn more information about passkeys, the FIDO Alliance has published an FAQ here.
Creating a passkey
If you have never created a passkey in your Fastmail account, you can do so by following these steps:
- Go to Settings → Privacy & Security.
- Find the Passkeys section and click Create a passkey.
- A Verify it's you box may appear. Enter your password and click Continue. (For more information, see our Password-protected actions help page.)
- A new Create a passkey modal will appear. Click Continue.
- Your device or password manager will prompt you to create a passkey.
- Once you have successfully created the passkey on your device, you will see a Passkey created modal in the Fastmail interface. Give your passkey a name so that you can easily identify it later, then click Done.
After one passkey has been created in your Fastmail account, you can create any future passkeys by going to Settings → Privacy & Security and clicking Manage passkeys. From there, you can click Create a passkey and follow the above steps (starting from Step 3).
Logging in with a passkey
Once you have created a passkey, you can use it to sign in at the Fastmail login screen.
If you enter your username and we detect that your account has a passkey saved, we'll also show a button to begin the passkey sign-in flow. Once you have approved the sign-in using your device's password, biometrics, or PIN, you will be brought directly to your account's mailbox.
Depending on your password manager, you may be prompted to sign in with your passkey without needing to enter any credentials.
Managing your passkeys
You can view and manage your passkeys by going to Settings → Privacy & Security and clicking Manage passkeys.
From this screen, you will be able to see your passkeys listed from newest created to oldest created. You can see the passkey's name, when access was given, and when/where it was last used to access your Fastmail account.
If you want to delete a passkey, click the Remove button. Note that when a passkey is deleted from your Fastmail account, your device/password manager will not be aware of this change — you will continue to be prompted to use the passkey at the login screen until you have manually removed it from your device/password manager.
Passkeys and 2FA
Two-factor authentication is based on the idea that you are authenticating using a combination of something you know (your password), plus something you have (the 2FA code supplied by your device).
Passkeys already combine something you know/are (your PIN, password, or biometrics), plus something you have (your device). For this reason, we do not prompt for 2FA when passkeys are used.