Passkeys
Set up FIDO2-certified passkeys to sign in to MemberPass with a fingerprint, Face ID, or hardware key — no password required.
By the end of this page, you'll have a passkey registered on your device — and you'll know how to add more, name them, and remove them later.
Passkeys are the modern replacement for passwords. They're FIDO2-certified cryptographic credentials that live on your device (phone, laptop, or a hardware key). Instead of typing a password, you unlock your passkey with a fingerprint, face scan, or the same PIN you use to unlock the device.
Why passkeys?
Phishing-proof
A passkey is bound to app.memberpass.net. A fake sign-in page can't trick it
into authenticating, because the cryptographic signature is tied to the real
domain.
Nothing to remember
No password to type, save, or rotate. Your device's lock screen is the only thing between you and your account.
Faster than 2FA
One tap replaces a password plus a TOTP code. For daily use, a passkey is the fastest way to sign in.
Works offline
Passkeys don't depend on receiving a text message or code. They work on airplane mode, in airports, or anywhere with flaky signal.
What you need
Your device needs to support the WebAuthn standard. That covers almost everything made in the last few years:
- iPhone / iPad: iOS 16 or later
- Mac: macOS Ventura (13) or later
- Android: Android 9 or later with Google Play Services
- Windows: Windows 10 or later with Windows Hello
- Hardware keys: YubiKey 5, Google Titan, and any other FIDO2-compatible key
You'll also need one of these browsers: Chrome 67+, Safari 14+, Firefox 60+, or Edge 18+.
If your device stores passkeys in iCloud Keychain (Apple) or Google Password Manager, they sync across devices signed in to the same account. Register once on your iPhone and the same passkey works on your Mac.
Register your first passkey
Open Security settings.
From the account menu, go to Settings → Security (URL: /settings/security). Scroll down to the Passkeys (FIDO2-certified) section.
Name your passkey.
Use something specific enough to identify later — like "iPhone 15", "Work MacBook", or "YubiKey". This is how you'll tell them apart when managing a long list.
Enter your current password in the confirmation field.
We require a password confirmation so nobody can register a passkey on an unattended session.
Click Generate Passkey.
Your browser or operating system now takes over with its own dialog: "Create a passkey for app.memberpass.net?".
Approve with your fingerprint, face, or PIN.
The prompt looks slightly different on each OS — Touch ID on Mac, Face ID on iPhone, Windows Hello on Windows — but it always comes from your device, never from our site.
Done. Your passkey appears in the list under Security settings with the name you chose and the date it was created.
You can register as many passkeys as you like. We recommend at least two — one on your phone, one on your computer — so you're never locked out if one device isn't handy.
Sign in with a passkey
Once you have a passkey registered, signing in is a one-tap affair:
Go to /login. On most modern browsers, your device will automatically suggest your passkey.
Tap Continue with a Passkey, or select your passkey from the browser's autofill prompt.
You're in — no password, no two-factor code.
Passkeys already satisfy "something you have" and "something you are", so if you sign in with a passkey, MemberPass does not prompt for 2FA on top.
Manage your passkeys
View your registered passkeys
The list under Settings → Security → Passkeys shows each one you've registered:
- Name — what you called it during setup.
- Created — the date you added it.
- Last used — when it was last used to sign in.
Rotate to a new device
If you replace a device (new phone, new laptop), register a fresh passkey on the new one first, then delete the old one. Never delete before the new device is confirmed working — if you do, you may be locked out temporarily until you fall back to password or Telegram sign-in.
Delete a passkey
When you no longer need a passkey — for example, you've sold the laptop it was registered on — remove it:
Click Delete Passkey next to the one you want to remove.
Click Delete Passkey.
What delete does (and doesn't do): MemberPass invalidates the passkey on our side, so signing in with it will fail. The passkey may still exist inside your device's keychain — that's normal. Your phone or password manager typically lets you clean up unused passkeys from its own settings.
Common questions
Related
- Two-factor authentication — if your device doesn't support passkeys, 2FA is the next best option.
- Social login — a third path that leans on Google or Telegram's own passkey/2FA.
- Account recovery — set this up before you lose access, not after.