Passkeys

Passkeys

Passkeys are a modern, passwordless way to log into your Opengates account using biometric authentication — like your fingerprint or face — or a device PIN. They're faster than typing a password, more secure than traditional login methods, and completely resistant to phishing attacks.

This guide explains everything you need to know about passkeys on Opengates: what they are, how they work, how to set them up, and how to manage them across your devices.

What Are Passkeys?

Passkeys are a new authentication standard built on WebAuthn (Web Authentication) and FIDO2 technology. Instead of relying on a password that you have to remember and type, passkeys use cryptographic key pairs stored securely on your devices.

How Passkeys Work (In Simple Terms)

Think of passkeys like a digital key that's stored on your phone, computer, or security key. When you want to log in:

1. Opengates asks your device to prove that you're you.
2. Your device uses your fingerprint, face scan, or device PIN to verify your identity locally.
3. Your device sends a cryptographic proof to Opengates — without ever transmitting your biometric data or a password.
4. Opengates verifies the proof and logs you in.

The beauty of this system is that your biometric data (fingerprint, face) never leaves your device. It's used only to unlock the passkey stored on your device. Opengates never sees or stores your biometrics.

Why Passkeys Are More Secure Than Passwords

• No password to steal: Since there's no password, attackers can't steal it through phishing, data breaches, or keyloggers.
• Phishing resistant: Passkeys are bound to the specific website (opengates.app). Even if an attacker creates a fake login page, your passkey won't work on it — your device will recognize that it's not the real Opengates site.
• No password reuse risk: You can't accidentally reuse a passkey across different websites.
• Biometric verification: Only you can unlock your passkey with your unique fingerprint or face.
• Encrypted and hardware-backed: Passkeys are stored in your device's secure enclave or trusted platform module (TPM), making them extremely difficult to extract.

Supported Devices and Browsers

Passkeys are supported on most modern devices and browsers. Here's a breakdown of compatibility:

Operating Systems

Browsers

Hardware Security Keys

In addition to built-in biometrics, you can use physical security keys as passkeys:

• YubiKey (USB-A, USB-C, NFC)
• Google Titan Security Key
• Feitian keys
• Any FIDO2-compliant security key

Setting Up Passkeys on Opengates

Prerequisites

Before setting up a passkey, make sure:

• You're logged into your Opengates account.
• You're using a supported browser and operating system (see tables above).
• Your device has biometric hardware (fingerprint reader, camera for face recognition) or you're using a hardware security key.
• Biometric authentication is enabled on your device (e.g., Windows Hello is set up, Touch ID is configured).

Step-by-Step Setup

1. Log in to your Opengates account using your email and password.
2. Go to Settings → Security → Passkeys.
3. Click "Add a Passkey" or "Set Up Passkey".
4. You'll be asked to enter your current password to verify your identity.
5. Your browser will display a system prompt asking you to authenticate:
   • On Windows: Windows Hello will appear — use your fingerprint, face, or PIN.
   • On macOS: Touch ID prompt will appear — use your fingerprint or enter your device password.
   • On iOS: Face ID or Touch ID prompt will appear.
   • On Android: Fingerprint or face unlock prompt will appear.
   • With a security key: Insert your key and tap it when prompted.
6. Once authenticated, your device will create a passkey and register it with Opengates.
7. You'll be asked to give this passkey a name (e.g., "Work Laptop," "iPhone 15," "YubiKey"). This helps you identify it later.
8. Click "Save" or "Done".
9. Your passkey is now active and ready to use for login.

Adding Multiple Passkeys

You can add passkeys on multiple devices. This is highly recommended so you have backup login methods:

• Add a passkey on your phone and your laptop.
• Add a passkey on your work computer and your home computer.
• Add a hardware security key as a backup.

Each passkey is listed separately in your security settings with the name you gave it.

Logging In with a Passkey

Once you've set up a passkey, logging in is fast and simple:

1. Go to the Opengates login page.
2. Click "Sign in with Passkey" or look for the passkey icon.
3. Your browser will prompt you to authenticate using your device's biometric sensor or security key.
4. Authenticate with your fingerprint, face, PIN, or security key.
5. You're logged in — no password or 2FA code needed.

How Long Does It Take?

Logging in with a passkey typically takes under 5 seconds. Compare that to typing an email, password, and 2FA code, which can take 30 seconds or more.

What If the Passkey Prompt Doesn't Appear?

• Make sure your browser is up to date.
• Check that biometric authentication is enabled on your device.
• Try a different supported browser.
• Make sure the Opengates website is not loaded in an incognito or private browsing window (some browsers restrict WebAuthn in private mode).

Using Passkeys Across Devices

Modern passkey implementations allow you to use passkeys across devices through several methods:

iCloud Keychain (Apple Ecosystem)

If you use Apple devices, passkeys created on one Apple device can automatically sync to your other Apple devices through iCloud Keychain. A passkey created on your iPhone will also be available on your Mac and iPad, as long as they're signed into the same Apple ID.

Google Password Manager (Android/Chrome)

Passkeys created on Android or Chrome can sync across your Google account. A passkey created on your Android phone can be used in Chrome on your computer.

Cross-Device Authentication (QR Code)

If you need to log in on a device that doesn't have a passkey stored:

1. Click "Sign in with Passkey" on the login page.
2. Choose "Use a phone or tablet" or "Use another device".
3. A QR code will appear on the screen.
4. Scan the QR code with your phone (which has a passkey stored).
5. Authenticate on your phone using your biometric.
6. You'll be logged in on the other device.

This is particularly useful when:

• You're using a shared or public computer.
• You're logging in on a new device for the first time.
• You're using a device that doesn't support passkeys.

Hardware Security Keys

Hardware security keys like YubiKey work across any device with a USB port or NFC. Carry your security key with you for a universal login experience regardless of which device you're using.

Managing Your Passkeys

Viewing Your Registered Passkeys

1. Go to Settings → Security → Passkeys.
2. You'll see a list of all passkeys registered on your account, including:
   • Name: The name you gave the passkey (e.g., "Work Laptop")
   • Created: When the passkey was set up
   • Last used: When the passkey was last used to log in
   • Device type: The type of device or authenticator

Renaming a Passkey

1. In the passkeys list, find the passkey you want to rename.
2. Click the "Edit" or pencil icon next to it.
3. Enter a new name.
4. Click "Save".

Removing a Passkey

If you no longer use a device or want to remove a passkey:

1. In the passkeys list, find the passkey you want to remove.
2. Click "Remove" or the trash icon.
3. Confirm the removal by entering your password or authenticating with another method.
4. The passkey is immediately removed from your account.

Important: Make sure you have at least one other login method available (another passkey, password + 2FA) before removing a passkey. If you remove all passkeys and forget your password, you could be locked out.

Passkeys and Other Security Features

Passkeys vs. 2FA

Passkeys and two-factor authentication serve different purposes:

• Passkeys replace the entire login flow (email + password + 2FA) with a single biometric authentication.
• 2FA adds a second step to the password-based login flow.

If you log in with a passkey, you don't need to enter a 2FA code — the passkey already provides strong, multi-factor authentication (your device is "something you have," and your biometric is "something you are").

We recommend setting up both passkeys and 2FA:

• Use passkeys as your primary login method for convenience and security.
• Keep 2FA enabled as a fallback for situations where you log in with a password.

Passkeys and Password Reset

If you reset your password, your passkeys are not affected. They continue to work independently of your password.

Troubleshooting

"Passkey not recognized" Error

• Make sure you're on the correct Opengates login page (check the URL).
• Try authenticating again — biometric reads sometimes fail on the first attempt.
• Ensure your device's biometric hardware is clean and functional.
• Check that the passkey hasn't been removed from your account settings.

"Your browser doesn't support passkeys"

• Update your browser to the latest version.
• Switch to a supported browser (Chrome, Safari, Edge, Firefox).
• Check that your operating system is up to date.

"Unable to create passkey"

• Make sure biometric authentication (Windows Hello, Touch ID, etc.) is set up on your device.
• Check that your browser has permission to use your device's security features.
• Try disabling browser extensions that might interfere with WebAuthn.
• Restart your browser and try again.

Lost All Passkeys and Can't Log In

If you can't use any of your passkeys:

1. Log in with your email and password (and 2FA code if enabled).
2. Once logged in, set up new passkeys from your security settings.

If you've also forgotten your password, use the Password Reset process to regain access.

Still need help? Contact our support team and we'll be happy to assist you.