How do I perform 2FA using passkeys?

Once you opt into passkeys, they become your default 2FA method across both web and mobile, for all authentication, including sign-ins and withdrawals. Passkeys created using your mobile phone will require only biometric authentication, such as fingerprint or Face/Touch ID, to complete 2FA across any device. If you store passkeys on a specific  device, other devices will prompt you to scan a QR code to connect to your primary device which will not work.

For example, if you set up passkeys using your phone and then attempt to log in on your computer, a QR code will appear on the computer screen. Open the camera app on your phone to scan the QR code and follow the on-screen instructions to complete the authentication process. But if you store your passkey on Chrome browser or Windows Hello within your laptop, then you will be not be able to use that passkey on other devices. We encourage you to log back into that device and setup a passkey using your mobile device or a cloud provider to ensure continued access on other devices you use to access Gemini.

I created a passkey on mobile. Do I need to scan a QR code each time I try to login on desktop? 

Yes, if you created a passkey only on mobile, you will need to scan the QR code from your mobile device each time you log in via desktop browser. Alternatively, you can set up another passkey on your desktop device.

Why do I see a QR code when signing in with a passkey on mobile?

If you see a QR code on your mobile device when signing in with a passkey, it means that device doesn't have a stored passkey for Gemini. This typically occurs if your passkey was created on another device, such as a web browser.

To resolve this: 

• Use your passkey to access your account via web browser that has your passkey stored. Ensure you are using an authorized device or authorize your current device.
• Temporarily turn on the Authenticator App2FA option in your security settings.
• Open the Gemini app on your mobile device, use authenticator app as your 2FA through “Verify Another Way” option and then navigate to Security Settings to create a new passkey on mobile. This passkey can now be used across web and mobile.
• After setting up the passkey on your mobile app, disable authenticator app  to keep your account more secure with passkeys

How do I sign in on the Gemini mobile app if I can sign in using passkey on my laptop or another device?

Use the “Sign in with another device” option on passkey 2FA screen:
If your passkey was set up on another device such as a laptop and is not accessible on your mobile device, Gemini now offers a way to link your devices and regain access to the mobile app.

To sign in using another device:

1. Open the Gemini app to sign in on your mobile device.
2. Tap "Sign in with passkey" and then tap “Sign in with another device”. Note: this option will only be available when passkeys are the only way configured to sign in to your account.
3. On a device where your passkey is available (e.g., your desktop browser or windows hello), go to www.gemini.com/link and sign in using your passkey.
4. Once logged in, you will need to approve the mobile device before you can view a 6-digit code displayed on the web.
5. Enter that code back into the Gemini mobile app after clicking "Enter code".
6. You will now be signed in to the app and prompted to create a new passkey or authenticator app to ensure continued access across all devices.

How do I sign in to Gemini if I have lost access to my passkey?

You might be eligible to recover your account in a self-service manner through the Recover Your Account option on the 2FA page. You can start account recovery by:

1. Inputting your email and password on sign in
2. Tap “Get Help” on the 2FA screen in the Gemini app.
3. If you see two options: "Recover My Account" or "Contact Support" then you are eligible to self-serve the account recovery process.
4. Choose “Recover Your Account” to start the account recovery process.
5. When you click "Get Help" you will be routed to the Submit a Request page directly.  This  means you are not eligible for self-service and have to submit documents to our support team to recover your account manually when you get an email from our support team. Create a new ticket here with category "Signing In" and select "I need help with my 2FA method".
6. For the self-serve account recovery process, you may need to upload your identification documents (DL, Passports, etc.) and selfie as well as verify your email and phone number registered to your Gemini account before you can create a new passkey or authenticator app for resetting your 2FA method. After resetting your 2FA method, you will be able to gain access back to your account immediately.

Note: You will have 3 attempts to complete the recovery. If unsuccessful, please retry after 24 hours.

Why can’t I sign in using a passkey on my iOS 15 device?

iOS 15 only supports device-bound passkeys, meaning you can only use passkeys that were created directly on that specific device. It does not support scanning QR codes to authenticate with a passkey from another device. If you try to sign in without a passkey on the iOS 15 device, you'll see the message:
“Insert and activate your security key.”

How can I sign in if I don’t have a passkey set up on my iOS 15 device?

You should use an alternative 2FA method such as TOTP (e.g., Authenticator app) to sign in. Once signed in, you can then create a device-bound passkey on your iOS 15 device.

What happens if I upgrade from iOS 15 to iOS 16 or later after setting up a passkey?

If you created the passkey while on iOS 15, it remains device-bound even after upgrading. It will not sync across your Apple devices, unlike passkeys created on iOS 16+.

Can I switch to a cross-device passkey setup later?

Yes. After upgrading to iOS 16 or later, you can delete the old device-bound passkey and create a new one. This new passkey will then sync across your iCloud Keychain-supported devices.