How passkeys work
Unlike a password, a passkey isn’t a string of numbers, letters and symbols you need to remember to sign in to a website or app. Instead, passkeys let you sign in the same way you unlock your device using facial or fingerprint recognition or a device PIN.
A passkey actually consists of two keys—a public key that's shared and stored with Capital One and a private key that’s stored on your device or cloud account—and you need both to sign in to your online account.
Because the private key stays on your device, it’s phishing-resistant and more difficult to steal than a password.
Be careful about creating a passkey on a public or shared device because other people may be able to access the passkey and your online account. If you use a cloud-based service (like iCloud Keychain or Google password manager) where a passkey is shared across multiple devices, set up multi-factor authentication with that service.
Creating a passkey with Capital One
If you’re eligible to use passkeys to sign in on the web, you’ll see the option to create a passkey in 1 or more of the following places:
- A prompt on the sign-in page
2. A message highlighting passkeys
3. Your Capital One security settings
Select the link and follow the prompts to create a passkey from your browser or device.
The steps to create a passkey may vary based on your operating system or browser, but generally you'll be shown details about the passkey and then prompted to use the security features on your device like fingerprint or facial recognition, or your screen unlock PIN, password, or pattern to create the passkey.
Frequently asked questions (FAQ)
What’s a passkey?
Passkeys are a more secure and convenient way to sign in to apps and websites.
Unlike a password, a passkey isn’t a string of numbers, letters and symbols you need to remember. Instead, passkeys let you sign in the same way you unlock your device such as facial or fingerprint recognition, PIN or pattern.
A passkey actually consists of two keys—a public key that's shared and stored with Capital One and a private key that’s stored on your device or cloud account. You’ll need both to sign in to your online account.
Because the private key stays on your device, it’s phishing-resistant and more difficult to steal than a password.
How do I create a passkey?
If you’re eligible to use passkeys to sign in on the web, you’ll see the option to create a passkey in 1 or more of the following places: The prompt on the sign in page, any message you see highlighting passkeys and in your Capital One security settings.
Select the link and follow the 2-3 prompts to create a passkey from your browser or device. The steps to create a passkey may vary based on your operating system or browser, but generally you'll be shown details about the passkey and then prompted to use the security features on your device like fingerprint or facial recognition, or your screen unlock PIN, password, or pattern to create the passkey.
How do I sign in to Capital One using a passkey?
Once you’ve created a passkey with Capital One, look for the Sign in with a passkey option where you normally enter your password. Follow the prompts from your browser or device to use one of the security methods available such as facial or fingerprint recognition or a PIN.
Important note: Your sign-in data and device password stay with you and are never sent to Capital One.
Where do I find and manage a passkey after I create it?
After you create a passkey, you can find it in your Capital One Profile under Security. You can edit and delete existing passkeys or create new ones on other devices, if needed.
- Customize the names of your passkeys: By default, passkeys are named for the device they were originally created on. You can change the name of a passkey to something like “Personal Laptop” or “Tablet” to help identify the passkey associated with a specific device.
- Deleting a passkey is a 2-step process: We can help you delete a passkey from Capital One, but you’ll also need to delete it from the browser, device or password manager where you created it. This ensures you're not prompted to use the passkey the next time you sign in.
For step-by-step instructions on how to delete passkeys along with links to popular browsers and operating systems, see the FAQ labeled How do I delete a passkey?
