What are the benefits of using a passkey?
- More secure. Help prevent phishing, cyberscams and other cyberattacks caused by password reuse and database breaches.
- Convenient. Use your biometrics or PIN to unlock your device and log in to your account. No need to create, remember, or update complex passwords.
- Transformative. Expected to become industry standard and best practice for online security.
What is a passkey?
Passkeys unlock your device using your biometrics or a PIN. Unlike passwords, passkeys can only exist on a user’s device(s) to log in to websites and apps. Passkeys are a passwordless option built using requirements and protocols determined by the FIDO Alliance. Passkey support and functionality works across all platforms and browsers that follow the FIDO Alliance standards.
How do passkeys work?
Passkeys store a private key on a device. Once added to an online account, that device creates a corresponding key shared to the online account. To log in for online account access, an approved sign in must first occur on the device with the passkey. Once that device is unlocked using the user’s biometrics or PIN, online account access is authorized using the shared passkey.
After a passkey is created and connected to an online account, the first step to log in is typically to scan a QR code displayed by the device for the online account requiring the passkey. The device with the online account will verify that the passkey is within proximity of the device and matches the passkey that was saved.
Are there specific requirements for creating a passkey?
Passkeys can be created on the following devices:
- A laptop or desktop that runs at least Windows 10, macOS Ventura, or ChromeOS 109
- A mobile device that runs at least iOS 16 or Android 9
- A hardware security key that supports the FIDO2 protocol
Sign in with a passkey from a desktop computer, tablet or mobile phone using one of the following supported browsers:
- Microsoft Edge and Google Chrome on Windows
- Edge, Safari and Google Chrome on macOS
- ChromeOS
How do I create or add a passkey?
If you use multiple devices, e.g. a laptop, a mobile phone or a tablet, you can create a passkey for each one. You can add a passkey when you log in to the secure site on ameriprise.com, by selecting Log in and create passkey in the Log In screen. Or after you log in, by selecting Security Settings in Profile. You can also add a passkey using the Ameriprise Financial app after logging in and selecting Login & Security within the More menu.
What is a security key and how do I use it for passkey?
A security key is a small physical device that adds an extra layer of protection to your account by enabling secure, passwordless account access to verify your identity. We currently offer two types of security keys for passkey:
- USB - A physical device that plugs into your computer’s USB port. Like a flash drive used to share files.
- Near Field Communication (NFC) – A physical device that enables a wireless connection to your phone or computer by tapping or holding the devices close together. Like contactless payment or pairing devices like your headphones to a phone.
Either of these security keys can be purchased online and at a trusted tech retailer. Just be sure to confirm the one you choose is FIDO-2 certified.
Once you have a security key, add it to your account after you log in. Choose to save your passkey as a security key and follow the prompts.
How many passkeys can I have?
Multiple passkeys can be created for every device allowed access to your account. Ameriprise limits the number of passkeys to three. Once this limit is reached, a passkey will need to be deleted to add a new one. This is a security measure to prevent unauthorized access and misuse.
How do I remove a passkey?
To remove a passkey, log in to the secure site on ameriprise.com, go to Profile and select Security Settings. Then go to the Login Security card and select Remove for the passkey you would like to delete. You can also remove a passkey using the Ameriprise Financial app by logging in, selecting Login & Security within the More menu and then selecting Passkey and Remove. If there is only one passkey associated with your account, a password will be required for account access going forward.
Is 2-Step Verification still a requirement if I am using a passkey?
If a passkey is being used, 2-Step Verification will only be required at log in if a security risk has been identified.
What do I do if the device with my passkey is lost or stolen?
If a device with your passkey is lost or stolen, you can use your password and a second security step that will be prompted at log in. Then go to your Profile and delete the passkey enrolled on the lost device. For details, go to Apple’s help page or Google's help page.
Customer Service can also help with account access or permanently block a device from receiving notifications.