Activating a Passkey
Instructions
You can activate and store your passkey on your mobile devices (iPhone, Android phones) or on dedicated physical authentication keys (FIDO2 compatible - YubiKey, Google Titan, Token2, etc.)
Mobile Devices:
-
iPhone (iOS 16 or later)
-
Android phones (Android 9 or later)
Physical Security Keys - FIDO2 compatible (non-exhaustive, suggestion list):
-
YubiKey
-
Google Titan
-
Token2
-
Other FIDO2-certified hardware keys
Password Managers with Passkey Support (non-exhaustive, suggestion list):
-
1Password
-
Bitwarden
-
NordPass
-
Proton Pass
-
Built-in password managers (iOS Passwords, Google Password Manager, Samsung Pass)
Note: Bluetooth must be enabled on the phone when you register or use passkeys.
How to Register a Passkey
You can register a passkey through the Client Portal.
Passkey Menu
-
Log in to Client Portal
-
Click on the User ("Head and Shoulders” icon in the top right corner) Settings → Security → Security Login System (SLS)
-
The 2FA registration widget will appear
-
Select the "Passkey" tab
-
Choose your registration method: with a Mobile Devices/Password Manager or a Physical Device (see detailed instructions below)
Instructions for Activating a Software Passkey - Mobile Device or Password Manager
-
In the 2FA registration widget, click on the "Passkey" tab.
-
Give your passkey a descriptive name in the "Name your device" section and click on "Register".
-
Select the option "iPhone, iPad or Android Device" to activate the Passkey on your preferred device (avoid using devices that will not be readily available to you, such as tablets).
-
On your mobile device (iPhone or Android), open your Camera app and point the camera at the QR code displayed on your computer screen (make sure Bluetooth is enabled on your device).
-
Once your device is connected, tap on "Register/Create Passkey".
-
You will be prompted to verify your identity using Face ID, Touch ID, fingerprint, or your device PIN. Complete the verification.
-
After successful verification, a "Successful Registration" confirmation will appear on the web page.
-
Your software passkey is now registered and ready to use as a 2FA method.
Instructions for Activating a Physical Passkey
-
In the 2FA registration widget (see section Passkey Menu above), click on the "Passkey" tab.
-
Give your passkey a descriptive name in the "Name your device" section and click on "Register".
-
Select "Security Key".
-
Insert your physical security key into your device's USB port (or hold it near your device for NFC-enabled keys) and enter your PIN when asked.
-
Touch the button or sensor on your security key.
-
Wait for the "Registration Successful" confirmation message.
-
Your hardware security key is now registered and ready to use as a 2FA method.
Best Practices
Enable biometric protection for your mobile passkeys
Your passkeys are automatically protected by your device's security features (Face ID, Touch ID, fingerprint, PIN, or pattern). We strongly recommend:
-
Keep your device lock screen enabled at all times
-
Use strong biometric authentication (Face ID, fingerprint) rather than simple PINs when possible
-
Enable automatic device lock after a short period of inactivity
-
Never share your device PIN or biometric data with anyone
Use cloud-synced passkeys for convenience
Several passkey providers offer cloud synchronization, which automatically makes your passkey available across multiple devices (non-exhaustive, suggestion list):
-
iCloud Keychain (for Apple devices): Syncs passkeys across all your Apple devices signed in with the same Apple ID
-
Google Password Manager or Samsung Pass (for Android/Chrome): Syncs passkeys across all devices signed in with your Google or Samsung Account
-
1Password, Bitwarden, NordPass, Proton Pass: Sync passkeys across all platforms where you use these password managers
This eliminates the need to register separate passkeys for each device and provides automatic backup.
FAQ: For more information on this topic, please visit our Frequently Asked Questions.