Passkeys

What Are Passkeys?

Passkeys are a modern, passwordless way to sign in. Instead of typing a password or waiting for an email code, you authenticate using:

• Biometrics - Face ID, Touch ID, or fingerprint sensors
• Device PIN - Your phone or computer's unlock code
• Security keys - Hardware keys like YubiKey

Passkeys are phishing-resistant and more secure than passwords — there's nothing to type, nothing to remember, and nothing that can be stolen.

Platform Support

Note: Passkeys on mobile apps are coming in a future update. For now, use email sign-in on iOS and Android.

Setting Up a Passkey

On the Web

1. Sign in to GotReceipts using your email
2. Go to Settings → Security
3. Under Passkeys, tap Add Passkey
4. Your browser will prompt you to create a passkey
5. Authenticate with your biometric or PIN
6. Give the passkey a name (e.g., "MacBook Pro", "Work Computer")

Your passkey is now saved and ready to use.

What Gets Created?

When you create a passkey:

• A unique cryptographic key pair is generated
• The private key stays securely on your device (never leaves it)
• The public key is stored with your account
• Your device's secure enclave protects the private key

Signing In with a Passkey

1. Go to the sign-in page
2. Enter your email address
3. If you have a passkey, you'll be prompted to use it
4. Authenticate with your biometric or PIN
5. You're signed in — no codes, no waiting

Cross-Device Authentication

Modern passkeys can work across devices using your phone as an authenticator:

1. On your computer, choose "Use a phone or tablet"
2. Scan the QR code with your phone
3. Authenticate on your phone
4. You're signed in on your computer

This is useful when signing in on a shared or new device.

Managing Passkeys

View Your Passkeys

Go to Settings → Security → Passkeys to see all your registered passkeys, including:

• Passkey name
• When it was created
• When it was last used

Remove a Passkey

1. Go to Settings → Security → Passkeys
2. Find the passkey you want to remove
3. Tap Remove
4. Confirm removal

Warning: If you remove all passkeys, you'll need to sign in via email.

Rename a Passkey

1. Go to Settings → Security → Passkeys
2. Tap the passkey name
3. Enter a new name
4. Save

Use descriptive names like "iPhone 15" or "Home iMac" so you know which device each passkey belongs to.

Passkey Security

Why Passkeys Are Secure

• Phishing-resistant - Passkeys only work on the real GotReceipts site, not lookalike phishing pages
• No shared secrets - Nothing is transmitted that could be intercepted
• Device-bound - The private key never leaves your device
• Biometric-protected - Requires your face, fingerprint, or PIN

What If I Lose My Device?

If you lose a device with a passkey:

1. Sign in on another device using email or another passkey
2. Go to Settings → Security → Passkeys
3. Remove the passkey for the lost device

The lost device can no longer access your account via that passkey.

Troubleshooting

"Passkey not found"

This usually means:

• You're on a different device than where the passkey was created
• The passkey was removed
• Your browser doesn't support passkeys

Try signing in with email instead, then check your passkey settings.

Browser Compatibility

Passkeys work best on:

• Safari 16+ (macOS, iOS)
• Chrome 108+
• Firefox 122+
• Edge 108+

If your browser doesn't support passkeys, you'll be prompted to use email sign-in instead.

iCloud Keychain Sync

On Apple devices, passkeys sync via iCloud Keychain. This means a passkey created on your iPhone also works on your Mac (if signed into the same Apple ID).