Passkeys: An easier way to sign in on the web

Passkeys are a more secure and convenient way to sign in to apps and websites. 

Unlike a password, a passkey isn’t a string of numbers, letters and symbols you need to remember. Instead, passkeys let you sign in the same way you unlock your device such as facial or fingerprint recognition, PIN or pattern.

A passkey actually consists of two keys—a public key that's shared and stored with Capital One and a private key that’s stored on your device or cloud account. You’ll need both to sign in to your online account. 

Because the private key stays on your device, it’s phishing-resistant and more difficult to steal than a password.

If you’re eligible to use passkeys to sign in on the web, you’ll see the option to create a passkey in 1 or more of the following places: The prompt on the sign in page, any message you see highlighting passkeys and in your Capital One security settings. 

Select the link and follow the 2-3 prompts to create a passkey from your browser or device. The steps to create a passkey may vary based on your operating system or browser, but generally you'll be shown details about the passkey and then prompted to use the security features on your device like fingerprint or facial recognition, or your screen unlock PIN, password, or pattern to create the passkey.

Once you’ve created a passkey with Capital One, look for the Sign in with a passkey option where you normally enter your password. Follow the prompts from your browser or device to use one of the security methods available such as facial or fingerprint recognition or a PIN. 

Important note: Your sign-in data and device password stay with you and are never sent to Capital One.

After you create a passkey, you can find it in your Capital One Profile under Security. You can edit and delete existing passkeys or create new ones on other devices, if needed.

• Customize the names of your passkeys: By default, passkeys are named for the device they were originally created on. You can change the name of a passkey to something like “Personal Laptop” or “Tablet” to help identify the passkey associated with a specific device.
• Deleting a passkey is a 2-step process: We can help you delete a passkey from Capital One, but you’ll also need to delete it from the browser, device or password manager where you created it. This ensures you're not prompted to use the passkey the next time you sign in.

For step-by-step instructions on how to delete passkeys along with links to popular browsers and operating systems, see the FAQ labeled How do I delete a passkey? 

A passkey consists of two keys—one that's shared and stored with Capital One and one that’s stored on your device. Deleting a passkey from both places is a 2-step process that ensures you're not prompted to use the passkey the next time you sign in:

1. We’ll help you delete the passkey from Capital One:

• Find the passkey in your Capital One security settings under Passkeys. 
• Select the trash can icon next to the passkey you’d like to delete.
• To confirm, select Yes, delete this passkey. 

2. You’ll need to delete the passkey from your device:

• Find the passkey in the security settings of the browser, device or password manager where you created it and follow the prompts to delete it. 
• Use the instructions for popular browsers and operating systems:
  • Chrome on Mac 
  • Google Password Manager for Android devices
  • iCloud Keychain
    • iPhone and iPad
    • Mac
  • Windows Hello 

These tips will help keep your passkey secure:

• Don’t create a passkey on a public or shared device—other people may be able to access the passkey and your online account. 
• If you use a cloud-based service (like iCloud Keychain or Google password manager) where a passkey is shared across multiple devices, set up multi-factor authentication with that service.