🔐

Enterprise-grade 2FA security

Having a Web3 wallet like NFID gives you complete control over your money, which is a major advantage compared to traditional bank accounts or crypto exchanges. Instead of holding your assets on your behalf, you truly own your money through the use of cryptography and decentralized networks. This means you have the freedom to use your assets as you please, without any restrictions.

However, since you're solely responsible for your assets, it's crucial to prioritize security.

Enable 2FA

NFID leverages the latest in enterprise security to make sure you’re the only person able to access your account with passkeys.

Create a passkey

Assuming you’ve linked an email address to your NFID, you’ll need to create a passkey to enable 2FA.

‼️
We recommend creating two passkeys before enabling 2FA.
What are passkeys?

Apple describes passkeys as streamlined, next-generation account security.

Google describes them as an easier and more secure way to sign in to apps and websites.

Passkeys replace passwords by making it so a key is used instead of a sequence of characters that only you should know. This key is stored on your device or other highly secure environment, and will only sign you in when you unlock your device (i.e. with a fingerprint, face, screen unlock). That means only the person who can unlock your device is able to authenticate to your account, making this the most secure authentication method on the internet.

Why is there a two passkey recommendation?

Since you’re solely responsible for your assets, it’s important to ensure you can access them when 2FA is enabled. If you had one passkey and lost it, you’d be locked out of your account. You could of course use a recovery phrase, but best practice security guidelines are to not use one.

Which passkeys should I create?

We recommend at least 1 multi-device passkey on your phone or tablet and 1 single-device passkey on the most-used browser of your computer.

Creating and managing a multi-device passkeyCreating and managing a multi-device passkeyCreating and managing a single-device passkeyCreating and managing a single-device passkey

Deleting a passkey

You will be able to delete passkeys from the security page of your NFID. However, you will still need to manually remove the passkey from your device to remove them from your display when authenticating next time. This is not necessary, but it will make it more convenient for you to know which passkeys will authenticate you to your NFID if you make sure to remove the ones that won’t.

Removing a passkey from your iOS device
  1. Open the “Settings” app on your phone.
  2. Search for “Passwords” in the search bar and click on “Passwords”.
  3. Enter your Touch ID, Face ID or passcode (depends on your device and what you have set up).
  4. Search for nfid.one.
  5. Click on an entry.
  6. Click “Delete Passkey”.
  7. Repeat steps 5 and 6 for each passkey to be deleted.
Removing a passkey from your MacOS device
  1. Open the “System Settings” app on your computer.
  2. Click “Passwords” in the sidebar.
  3. Enter your Touch ID or password.
  4. Search for nfid.one.
  5. Click on the info button next to the passkey you want to delete.
  6. Click “Edit”
  7. Click “Delete Passkey”.
  8. Repeat steps 5, 6, and 7 for each passkey to be deleted.
Removing a passkey from your Android device and Google Password Manager
  1. Go to “Settings” in Chrome.
  2. Search for “passkey” in the search bar and click on “Password Manager”.
  3. Click on “Manage passkeys”.
  4. Search for nfid.one.
  5. Click on the dots next to the passkey you want to delete.
  6. Click “Delete”
Removing a passkey from your Windows device and Windows Hello

Our recommendations

We recommend having at least one multi-device passkey saved to your iCloud Keychain or Google Password Manager and one other.

Why a multi-device passkey saved to iCloud Keychain or Google Password Manager?
  1. It’s easier to use if you have multiple devices. Having one of these passkeys means that no matter which browser you use on your iPhone, iPad, or Android device, you’ll simply use your device unlock to securely sign in. Also if you have a desktop or laptop computer that doesn’t support device unlock, you’ll still be able to securely sign in by scanning it with your phone or tablet. (Tip: if your desktop or laptop computer does support device unlock, creating a single-device passkey from that computer will let you securely sign in with it.)
  2. It’s easier to secure. Losing a device or deleting your browser cache will not be a problem with one of these passkeys because it’s securely synced to your Apple or Google or Microsoft account. All three manufactures have done excellent work in cryptography to ensure this passkey is accessible only to you and absolutely nobody else, not even those companies. (Note: Although they can’t access your passkeys, these companies could theoretically prevent your access to them by locking your account. For this reason, we recommend at least one other passkey either single-device and better yet saved to a hardware USB security key like a YubiKey or Ledger.)
Which other should I create?
  • A hardware USB security key like a YubiKey or Ledger is a great investment in your security. Having even just one of these stored in a safe location will make sure that, worst case scenario, you’ll always be able to sign in with that. Having multiple of these stored in different locations will give you even greater security and piece of mind that wherever you may be, your NFID assets are accessible from multiple safe points.
  • In the case you have a desktop or laptop computer and want to sign in with your fingerprint/face/pin there instead of scanning a QR code, create a single-device passkey on that computer. (Note: see )

Passkey optimization

If you’ve already created a multi-device passkey and want to use the fingerprint/face/pin sign in of your computer instead (screenshot example below), create a single-device passkey on your computer.

QR code scan to sign in

image

Fingerprint/face/pin sign in

image