What is Passkey and how to enable it?

What is Passkey (2FA)?

Passkey is a unique identifier that is used to confirm the legitimacy of your actions within the system (exchange).

 

This identifier is another method for two-factor verification, which can be found on the settings page, allowing you to select and switch between the authentication app and the passkey.

 

Passkey functions on the same level as the familiar TOTP (Time-based One-Time Password) authentication, which works with Google Authenticator or other similar applications. Each device or platform that acts as an authenticator generates two keys: private and public.

  • The public key is a unique identifier of the authenticator and is used to identify the key within the service on which it will be used, in our case on the WhiteBIT exchange;
  • The private key is stored exceptionally in the authenticator and is not available to anyone; used for confirmation.

     

We highly recommend enabling two-factor authentication (2FA) to ensure security and prevent any potential unauthorized access to your account.

What can be used as a passkey?

Various devices, platforms, software can be used as a passkey:

Devices on platforms:

  • Android, starting from version 10.0;
  • iOS, starting from version 17.4;
  • iPadOS, starting from version 17.4;
  • macOS, starting from version 13.0.

     

Browsers:

  • Chrome;
  • Firefox;
  • Safari;
  • Opera.

     

Software:

  • Password managers, for example: 1Password, Bitwarden and others.

     

Physical keys:

  • Yubico devices and others.

     

Other:

  • iCloud.

    Please note: we recommend using physical keys if possible, as they are the most secure.

Also, some of the software or devices may not work correctly.

 

If you encounter any problems while using passkey, for example, you set up passkey, but it does not work, please contact our support team using any method convenient for you from the list at the bottom of this article.

How to set up a passkey in the web version of our exchange?

To enable it in the web version, follow a few simple steps:

1. Log in to your WhiteBIT account and go to Account Settings and Security;



 

2. Select the "Two-Factor Authentication" section by clicking on the "Edit" button;



 

3. Click "Manage Passkeys" and then "Continue";



 

4. Register a passkey by selecting one of the authentication methods;



 

5. Confirm your passkey with the chosen method.



 

Please note: creation of passkeys is limited to 5 units at a time, and it is possible to create multiple keys using one method for authentication.

How to disable the passkey in the web version of our exchange?

After you have connected the passkey, you will be able to disable it at any time.

To disable the passkey, please follow the instructions below:

1. Log in to your WhiteBIT account and go to Account Settings and Security;

2. Click on the red button to the right of the "Rename" button to disable the passkey. You will need to confirm the deletion using your passkey or TOTP.

Please note: to disable the passkey with TOTP, you should wait a few minutes or close the confirmation window via the access key.

By following these steps, you will disable the passkey. To set up the passkey again, you can always use our instructions.

Passkey (2FA) features

Passkey can be used for the same functionality as TOTP:

  • Authorization;
  • Withdrawal of funds (including P2P Express);
  • WB-code creation;
  • Creating and deleting an API key and webhook;
  • Turning the Whitelist on and off, adding and removing an address from the Whitelist;
  • Adding and removing anti-phishing code;
  • Linking and unlinking a web3 wallet;
  • Buying a Gift Card;
  • Account deleting.

     

You can also use passkey to verify the addition and removal of TOTP, and vice versa, TOTP to add and remove passkeys.

 

Please note: with the passkey enabled, when using the functionality from the list above, a confirmation code from email will not be requested.

Logging in to an account using a Passkey

Before logging into your account using the Passkey, it is important to remember that each device requires a separate key. Each key is created for a specific platform or browser from which you will be logging in.

 

If you try to use the same key on another device or in another browser, you may need to re-authenticate or create a new key.

 

Recommended method for cross-platform use

 

If you use devices with different operating systems - for example, a MacBook with an Android smartphone or a laptop with Windows and an iPhone - it is most convenient to create two separate password managers.

 

How to do this:

  1. Store your keys and passwords for Apple devices in iCloud Keychain.
  2. For devices on other platforms, such as Android or Windows, use Google Password Manager.

This way, you can safely store your passwords and access them on any device, no matter what operating system you are using.

 

However, Apple devices synchronized via iCloud and Google Account users synchronised via Google Password Manager may be exceptions.

 

In these cases, you can create a single key that will be accessible on all devices connected to iCloud or using Google Password Manager. This eliminates the need to create separate keys for each device, such as your phone and laptop.

 

What does access key synchronization look like on Apple devices?

 

Apple Keychain is a password and key storage service that automatically syncs them across all your Apple devices via iCloud. To use this feature, follow these simple steps:

  1. Use the same Apple ID on all devices (macOS and iOS).
  2. Set up screen protection with a PIN or password.
  3. Enable biometric authentication (Face ID or Touch ID) on your Mac.

This allows you to securely and conveniently access your passwords on any Apple device. However, please note that this feature only works within the Apple ecosystem and does not support other platforms.

 

What does access key synchronization look like for Google?

 

Google Password Manager supports saving passwords on different platforms - Android, iOS, MacOS, and Windows. To ensure secure access, certain conditions must be followed.

 

Requirements for each platform:

  1. Windows: You must use Windows Hello and log in to Chrome with the appropriate profile.
  2. MacOS: Biometric authentication and login to Chrome with the appropriate Google account are required.
  3. iOS: You must install the Chrome mobile app with a Google account login.
  4. Android: Simply add a Google account and set up screen protection (PIN, password). Biometric authentication is not required.

     

By following these rules, you can easily and securely store and synchronize your passwords via Google Password Manager on any device.

What will happen if you change your password or completely disable 2FA on your account?

If you change your password or completely disable 2FA (both types: Passkey and TOTP), certain functionality will be restricted for 72 hours. This functionality includes withdrawal of funds (including P2P Express), creation of WB Codes, and purchase of Gift Cards. 

You will also receive an email notification informing you of account changes made and alerting you to the restrictions within 72 hours.

If 2FA is turned off and then turned back on in a moment, the above features will still be restricted for 72 hours. 

 

Our top priority is ensuring the security of our users' data and funds.

What should I do if I lose access to my two-factor authentication application?

If you have lost access to 2FA, be sure to contact our support team using any method convenient for you from the list below.

Support

In case of any questions related to your account, trading or exchange functionality, you can:

  • Leave a request on our website;
  • Write to our support e-mail: support@whitebit.com;
  • Write to the chat using the button in the lower right corner of the screen (in the upper right corner of the WhiteBIT app, click ).

Was this article helpful?

58 out of 63 found this helpful

Have more questions? Submit a request