Skip to main content

🔑 Passkeys

Shopi supports Passkeys, a faster and more secure way for sellers to sign in and authorize sensitive account changes — without typing a password. Instead of a password, a passkey uses the biometric or security method already built into your device:

Face ID

Authenticate instantly on supported iPhones, iPads, and Macs.

Fingerprint

Use Touch ID or Android fingerprint sensors to verify it’s you.

Windows Hello

Sign in on Windows devices with face recognition, fingerprint, or PIN.

External Device

Use a hardware security key or a paired phone as your passkey.
You’re not limited to one. You can register a passkey on every device you use to manage your Shopi store — your laptop, your phone, and a hardware key can all work independently.

🧠 Why Passkeys

Passwords can be guessed, reused, leaked in breaches, or phished. Passkeys remove that risk entirely.

Nothing to steal

Passkeys are backed by cryptographic key pairs. There’s no shared secret sitting in a database for an attacker to leak.

Phishing resistant

A passkey only works on the legitimate Shopi domain it was created for, so fake login pages can’t capture it.

Faster sign-in

One glance or one touch, and you’re in. No more remembering or resetting passwords.

Synced across devices

Your device or password manager keeps passkeys backed up, so switching phones doesn’t lock you out.

⚙️ How Passkeys Work on Shopi

1

Go to Account Security

Open your Seller Dashboard → Settings → Shop Information.
2

Select 'Add a Passkey'

Go all the way down, you will find a section as Personal Information and ** Add Passkey** Press it, Shopi will prompt your device to create a new passkey.
3

Confirm with your biometric or device

Use Face ID, fingerprint, Windows Hello, or tap your external security device when prompted.
4

Done

Your passkey is now linked to your Shopi seller account and ready to use for sign-in and sensitive actions. When Signin you can simply press, Signin with Passkey and logged in. No more entering email / passwords.
You can register more than one passkey. Most sellers add a passkey on their phone and their laptop so they’re never locked out of either.

🔒 Sensitive Actions That Require a Passkey

Some account actions are sensitive enough that Shopi requires passkey verification, even if you’re already logged in. This prevents an attacker who gains temporary access to your session from being able to take over your account.
Updating your password requires a passkey confirmation. This stops someone with a stolen session token from locking you out of your own account.
💡 Fun fact: Even if a friend picks up your unlocked phone, they still can’t make sensitive changes to your Shopi account — passkey confirmation has you covered.
Your account email is tied to password resets and critical notifications. Shopi requires passkey verification before it can be changed.
Deleting an existing passkey or registering a replacement requires verification with an existing passkey (or a fallback recovery method) so attackers can’t simply swap in their own.
Ownership transfers are permanent and high-impact, so Shopi requires passkey confirmation before the transfer can be finalized.
If a sensitive action is requested and passkey verification fails or is unavailable, Shopi will block the change rather than fall back to a weaker method. This is intentional — it’s the same protection that keeps attackers out.

📱 Choosing a Passkey Method

Available on iPhones, iPads, and Macs with a TrueDepth camera. When prompted, look at your device’s camera to confirm. Face ID passkeys sync via iCloud Keychain across your Apple devices.

❓ Frequently Asked Questions

Your account keeps a password as a fallback recovery method, but day-to-day sign-in and sensitive actions can be done entirely with your passkey.
If you have a passkey registered on another device, use that to sign in and manage your account. If all passkey devices are lost, use account recovery from the sign-in screen to verify your identity and regain access.
Yes. Passkeys work the same way for staff accounts with dashboard access, scoped to whatever permissions that staff account already has.
No. Face ID, fingerprint, and Windows Hello data never leaves your device. Shopi only receives a cryptographic confirmation that the check succeeded.
Passkeys follow the FIDO2 / WebAuthn standard, the same open standard used by Google, Apple, and Microsoft. Shopi doesn’t store your biometric data — only the public key needed to verify your sign-ins.

🧭 Learn More

Shopi Security Architecture

See how authentication, encryption, and infrastructure protection work together across Shopi.

Account & Staff Permissions

Learn how to create staff accounts with scoped access instead of sharing your own login.