Set up passkeys (phishing-resistant sign-in)

Personal setupSecurity · about 10 min · Everyone — enable where offered

A passkey replaces your password with your device’s fingerprint, face, or PIN. It can’t be phished or reused, and it’s becoming the default sign-in across Google, Microsoft, Apple, LinkedIn, and Facebook.

Passkeys are vendor-aligned — each one lives in an ecosystem (Google, Apple, Microsoft, or a device like Windows Hello).

Passkeys complement your MFA — they don’t replace it

Turn passkeys on where a site offers them, but keep your authenticator app and recovery codes too. A passkey lives in a platform keychain (e.g. iCloud Keychain or Google Password Manager) and can sync across that ecosystem’s devices — but it won’t follow you outside that ecosystem, so your authenticator (with cloud backup) and recovery codes are how you get in from anywhere or recover a lost device.

  1. 1

    Add a passkey on your phone

    When a site (Google, Microsoft, LinkedIn, Facebook) offers to create a passkey, accept it and confirm with your phone’s fingerprint/face. The passkey is stored securely in your Google or Apple account.

  2. 2

    Turn on Windows Hello on your computer

    On Windows, set up Windows Hello (Settings → Accounts → Sign-in options) with a PIN or fingerprint/face. Sites can then create a passkey tied to your computer.

  3. 3

    Keep your authenticator MFA as backup

    Do not remove your authenticator app or recovery codes after adding passkeys — they’re your fallback if you lose the device that holds a passkey. See the Multi-Factor Authentication and Password Manager guides.

Common questions

Do passkeys replace my authenticator app?

No — they complement it. Turn passkeys on where offered for faster, phishing-resistant sign-in, but keep your authenticator app and recovery codes as the fallback that works from any device and any ecosystem.

What happens to my passkey if I lose my device?

A passkey lives in a platform keychain (iCloud Keychain or Google Password Manager) and syncs to that ecosystem’s other devices, so a replacement phone signed into the same account gets it back — if sync was on. If not, you fall back to your authenticator app and recovery codes, which is exactly why FFC has you keep them.

Next setup guides

Multi-factor authenticationSecurityPassword managerTools

Stuck on any step? Text Clarke Moyer at (520) 222-8104 — every step is meant to be simple, so if something doesn't match what you see, ask.