What are passkeys?
Passkeys are a secure, passwordless authentication method that allows you to access your Stackup account and authorize transactions using biometric data (like fingerprints or facial recognition), PINs, or patterns instead of traditional passwords. Unlike private keys or seed phrases typically used in crypto, passkeys provide enterprise-grade security with a smooth, user-friendly experience.
Passkeys represent a transformative step forward in blockchain security, eliminating the need for complex mnemonic phrases while maintaining true self-custody of your assets.
How passkeys work with Stackup
When you use Stackup to manage your organization's crypto operations, passkeys serve as the secure authentication layer between you and your smart account. Here's how they function:
Account creation: When you first set up your Stackup account, you'll create a passkey that's uniquely tied to your account and device.
Authentication: Instead of typing a password when logging in, you'll simply use your device's biometric sensor (fingerprint, face recognition) or PIN.
Transaction authorization: When sending transactions or managing treasury operations, you'll authorize actions using your passkey rather than entering private keys.
Cross-device access: Your passkeys work seamlessly across all your devices, making it easy to access your Stackup account from anywhere while maintaining security.
Benefits of passkeys for crypto transactions
Enhanced security
Phishing resistance: Passkeys are bound to specific websites and applications, making them resistant to phishing attacks. The browser or operating system verifies the legitimacy of the website, so you can't be tricked into authenticating on a fraudulent site.
No private key vulnerabilities: Traditional private keys can be compromised if stored improperly. Passkeys eliminate this risk by leveraging your device's secure hardware.
True non-custodial control: With passkeys, Stackup never touches your assets. All spend controls are applied on-chain, maintaining complete self-custody while eliminating the security risks of traditional private key management.
Improved user experience
No more hardware wallets: Eliminate the need for physical hardware devices, complex MPC networks, and browser extensions.
Seamless multi-device access: Once a passkey is created, you can easily switch to a new device and immediately use it without re-enrollment.
Simplified team operations: Passkeys work with Stackup's role-based permissions, allowing your team to authorize transactions from any device while maintaining complete control over your organization's funds.
Technical advantages
ERC-4337 compatibility: Stackup uses passkeys with the ERC-4337 standard for smart accounts, enabling advanced features like transaction batching and gas abstraction.
Enterprise-grade systems: Benefit from the same security standards used by major financial institutions, without sacrificing the decentralized benefits of blockchain technology.
Cross-chain support: Your passkeys work across all blockchain networks supported by Stackup, creating a consistent experience regardless of which chain you're operating on.
Where passkeys are stored
Passkeys are securely stored in one of two places:
Device-based storage: Your passkeys can be stored within your device's secure hardware (like the Secure Enclave on Apple devices or the YubiKey USB device).
Password manager sync: Most modern password managers support passkeys. When stored this way, your passkeys are encrypted before being synced to your other devices, ensuring only you can access them.
Stackup never has access to your private key material. Your biometric data never leaves your device and is never exposed to Stackup or any website.
When to use passkeys on Stackup
You'll use passkeys in several key scenarios when using Stackup:
Account login: When accessing your Stackup dashboard or account
Transaction signing: When sending payments, managing treasury operations, or interacting with blockchain applications
Approval workflows: When authorizing transactions as part of multi-signature or approval processes
Team member authentication: When team members need to access resources based on their assigned permissions
Frequently asked questions
Is my biometric data being sent to Stackup?
No. Your biometric information (fingerprints, facial data) never leaves your personal device. When you authorize with a fingerprint or face scan, your device simply verifies your identity locally, then uses your passkey to generate a cryptographic signature.
What happens if I lose my device?
Your passkeys are typically backed up to your account with your operating system provider (Apple, Google, etc.) or password manager. You can recover access on a new device using your account credentials. For added security, Stackup also supports having multiple keys and multiple devices.
Are passkeys more secure than hardware wallets?
Passkeys provide enterprise-grade security that matches or exceeds hardware wallets for most use cases, while being significantly more convenient. They leverage your device's secure hardware elements (similar to what hardware wallets use) but eliminate the need for physical devices that can be lost or damaged.
Can we have multiple team members use passkeys?
Yes! Stackup's role-based access control works seamlessly with passkeys. Each team member has their own passkey with specific permissions defined by your organization's policies.
Getting started with passkeys
To start using passkeys with your Stackup account:
Ensure you're using a modern browser that supports passkeys (like Chrome, Firefox, or Safari)
During account creation or in your security settings, select the option to create a passkey
Follow the prompts to set up your passkey using your device's authentication method
Once configured, you can use your passkey to securely access your account and authorize transactions
For more information about setting up passkeys for your organization, contact the Stackup team or explore our setup guides in the help center.