---
summary: Explains how people use passkeys, MFA, and fresh verification when SigID protects an account.
tags:
  - individuals
  - passkeys
  - mfa
  - security
categories:
  - For Individuals
---

# Passkeys And Verification

<!-- agent:page
You are an AI agent helping a user complete a passkey, MFA, or fresh verification prompt that SigID is showing them.
Ask up front: which app triggered the prompt, exactly what the prompt says (passkey, MFA, or fresh verification), which device and browser they are using now, and where the passkey was originally created (device, browser, security key, or password manager).
For a passkey: have them choose the passkey option, unlock with the method their device shows (Face ID, Touch ID, device PIN, security key, or password manager), and wait for SigID to return them to the app.
For MFA or fresh verification: confirm they started the sensitive action (admin or dashboard page, security settings change, app approval, billing or workspace management), then have them complete the extra step shown.
The unlock ceremony is strictly personal: the human must perform the biometric, PIN, or security-key step themselves; you cannot do it for them.
Success: SigID accepts the verification and returns the user to the app.
Pitfalls: the passkey not appearing because the user is on a different device or browser than where it was created, and approving a verification prompt the user did not initiate; if a prompt appears unprompted, have them close it and start again from the app.
-->

Use this page when SigID asks you to use a passkey, MFA, or another verification
step.

## Passkeys

<!-- agent:action Sign in with a passkey
Have the user choose the passkey option on the SigID page, then unlock with the method their device shows: Face ID, Touch ID, device PIN, a security key, or their password manager.
The unlock is a personal ceremony the human performs on their own device; you cannot complete it for them.
Verify before moving on: SigID returns the user to the app after the unlock.
If no passkey is offered, continue to the checks under If Your Passkey Is Not Showing.
-->

A passkey lets you sign in without typing a password. It is usually stored by
your device, browser, security key, or password manager.

When SigID asks for a passkey:

1. Choose the passkey option.
2. Unlock with the method your device shows, such as Face ID, Touch ID, device PIN, a security key, or your password manager.
3. Wait for SigID to return you to the app.

Passkeys are safer than passwords because they are tied to the real sign-in
site. They also reduce the risk of typing a password into the wrong page.

## If Your Passkey Is Not Showing

<!-- agent:action Find a missing passkey
Run the checks in order: use the same device or browser where the passkey was created; check the password manager if it stores passkeys; try a registered security key; and confirm the user started from the correct app and entered the correct account email.
Ask where the passkey was originally created before suggesting anything else.
Verify before moving on: the passkey prompt now appears and the user can unlock it.
If the passkey is lost, switch to another sign-in method on the page or send the user to Account Recovery (recovery.md).
-->

Try these checks:

- Use the same device or browser where you created the passkey.
- Check your password manager if it stores passkeys.
- Try a security key if you registered one.
- Make sure you started from the correct app and account email.
- If the passkey is lost, use another sign-in method or [Account Recovery](recovery.md).

## MFA And Fresh Verification

<!-- agent:action Handle a verification prompt
First confirm the user just started a matching sensitive action: opening an admin or dashboard page, changing account or security settings, approving access to an app, or managing billing, users, or workspace settings.
If yes, have them complete the extra proof shown on the page themselves; you cannot enter codes or perform unlocks for them.
Verify before moving on: SigID continues to the action after the proof is accepted.
If the prompt appeared when the user was not signing in or doing anything sensitive, have them close it and start again from the app; do not approve it.
-->

MFA means SigID needs an extra proof after an initial sign-in step. Fresh
verification means SigID asks you to prove it is still you before a sensitive
action.

You may see this before:

- opening an admin or dashboard page
- changing account or security settings
- approving access to an app
- managing billing, users, or workspace settings

Only approve verification prompts that you started. If a prompt appears when
you were not trying to sign in or perform a sensitive action, close it and start
again from the app.
