Passkeys offer a faster and more secure way to sign in to your PowerDMARC account without needing to remember a password. Instead of typing credentials, you use your device's built in authentication, such as Face ID, Touch ID, Windows Hello, a device PIN, or a connected security key (USB, NFC, or Bluetooth).

This article explains how to:

1. Sign in using a passkey

2. Add a passkey to your account

3. View and manage your passkeys

4. Rename a passkey

5. Delete a passkey

What Is a Passkey?

A passkey is a secure digital credential tied to your device. It replaces the need for a password by using your device's authentication method to verify it's really you. Passkeys are resistant to phishing, cannot be reused across sites, and do not need to be remembered.

Signing In with a Passkey

If your browser or device supports passkeys, you will see a Sign In with Passkey button on the login page, above the email and password fields.

To sign in:

1. Open the PowerDMARC login page.

2. Click Sign In with Passkey.

3. Your browser or device will display the available passkeys saved on that device.

4. Select the passkey you want to use and complete the authentication (for example, with your fingerprint, face, PIN, or security key).

5. Once verified, you will be signed in to your account.

Notes:

• The Sign In with Passkey button only appears on browsers and devices that support passkeys. If your device does not support passkeys, the button is hidden, and you can sign in using your email and password or SSO as usual.

• If no passkeys are saved on your device, your browser will display a message guiding you. No other action is required on the PowerDMARC side.

• If two factor authentication (2FA) is enabled on your account, signing in with a passkey skips the additional 2FA step. However, signing in with a password will still require 2FA if enabled.

If Sign In Fails:

If the passkey cannot be verified (for example, it was deleted, is not registered, or has been revoked), you will see the message:

"Unable to sign in with passkey. Please try again or use another sign in method."

You can then fall back to signing in with your email and password or via SSO.

Managing Your Passkeys

You can manage all your passkeys from your Profile page.

To access passkey management:

Go to Profile > Passkeys (located above the 2FA section).

Empty State (No Passkeys Yet)

If you have not added any passkeys yet, you will see:

• Title: Passkeys

• Description: "Use a passkey to sign in safely and effortlessly on your device."

• Link: Learn more about passkeys (opens the FIDO Alliance website in a new tab)

• Button: Add Passkey

List State (One or More Passkeys Added)

Once you have added at least one passkey, each one appears as a card showing:

• Name of the passkey

• Added Date

• Last Used Date

• Actions: Rename and Delete

Adding a Passkey

You can add a passkey at any time from the Passkeys section of your profile.

Before You Start:

• The Add Passkey button is only enabled on browsers and devices that support passkeys. If passkeys are not supported, the button is disabled and hovering over it will display: "Passkeys not supported on this device or browser."

• You can have a maximum of 10 passkeys on your account. When the limit is reached, the Add Passkey button will be disabled.

Steps to Add a Passkey:

1. Go to Profile > Passkeys.

2. Click Add Passkey.

3. Confirm your identity (if required):

   • If it has been less than 15 minutes since your last sign in or reauthentication, this step is skipped.

   • If it has been 15 minutes or more:

     • Password users: A modal will prompt you to enter your password.

     • Google, Microsoft, or SSO users: You will be redirected to your identity provider to reauthenticate.

4. Register the passkey: Your browser or device will open a native prompt to create a new passkey. Use your biometrics, device PIN, or a connected security key to complete the registration.

5. Name your passkey: After successful registration, you will be asked to name the passkey. The field is prefilled with a default name (for example, "MacBook Pro"), but you can change it. The name must be unique and cannot be empty.

6. Click Finish.

On success, a confirmation message will appear:

"Passkey Added! You can now sign in using your passkey on this device."

If You Cancel:

If you cancel during the browser prompt, no passkey is created, and you will return to the Profile page.

If a Name Is Already in Use:

If you try to save a name that matches an existing passkey, you will see:

"A passkey with this name already exists."

Renaming a Passkey

You can update the name of a passkey at any time. No reauthentication is required.

Steps:

1. Go to Profile > Passkeys.

2. Find the passkey you want to rename and click Rename.

3. In the modal, edit the name. The new name must be unique and cannot be empty.

4. Click Save.

On success, the updated name appears in your list, and you will see:

"Passkey Renamed! Your passkey name has been updated successfully."

Deleting a Passkey

Removing a passkey means that device can no longer be used for passwordless sign in.

Steps:

1. Go to Profile > Passkeys.

2. Find the passkey you want to remove and click Delete.

3. A confirmation modal will ask: "Are you sure you want to delete this passkey?" Click Delete to proceed or Cancel to go back.

4. Confirm your identity (if required):

   • If it has been less than 15 minutes since your last sign in or reauthentication, this step is skipped.

   • If it has been 15 minutes or more, you will be prompted to reauthenticate (using 2FA, your password, or your identity provider, depending on your account setup).

5. On success, the passkey is removed from your list, and you will see:

"Passkey Deleted! The passkey was successfully deleted. This device can no longer be used for passwordless sign in."

Note: You can delete all of your passkeys if you wish. Your account will remain accessible through your primary sign in method (password, Google, Microsoft, or SSO).

Security and Audit Logs

Every time a passkey is added, renamed, deleted, or used to sign in, an entry is recorded in your account's activity log under the Security section. Each entry includes:

• The action performed (Add Passkey, Delete Passkey, Edit Passkey Name, or Login via Passkey)

• The exact date and time

• The user who performed the action

• The IP address

• Additional context (such as the passkey name, or before and after name values for edits)

This allows you and your administrators to keep full visibility of all passkey activity on the account.

Frequently Asked Questions

Can I use a passkey on any device? Passkeys are tied to the device where you create them. To sign in from another device, you will need to add a separate passkey on that device, or use your password or SSO.

What if my device is lost or stolen? Sign in from another device, go to Profile > Passkeys, and delete the passkey associated with the lost device. You can also continue to use your primary sign in method.

Do I still need a password if I use passkeys? Yes. In this version, passkeys are an additional sign in option. Your primary authentication method (password, Google, Microsoft, or SSO) remains active on your account.

Why am I being asked to confirm my identity again? For security, adding or deleting passkeys requires a recent authentication. If more than 15 minutes have passed since your last sign in or reauthentication, you will be asked to verify your identity again.

Is passkey sign in available on mobile? Yes. The Sign In with Passkey option is supported on mobile browsers and devices that support passkeys. Passkey management from the Profile page on mobile will be improved in a future release.