Account Security

Protect your own Ploy account — sign in with Passkeys instead of a password, or use them as a second factor when signing in with email & password.


Sign in with Passkeys

Passkeys are a phishing-resistant alternative to passwords. Instead of typing a password, your device authenticates you using biometrics (Face ID, Touch ID, Windows Hello, etc.) or a hardware security key. Passkeys can't be leaked in a data breach and can't be phished.

Setting up a passkey

  1. Open the account menu in the lower-right corner of any Ploy workspace page and click Security.
  2. Under Passkeys, click Add a passkey.
  3. Follow your browser or device prompt to register the passkey (Face ID, Touch ID, Windows Hello, or a hardware key).
  4. Give the passkey a name to help you identify it later (e.g. MacBook Touch ID).

When you click Add a passkey, your browser and operating system may offer several password managers to store it — any of them will work. We recommend using an OS-native store like iCloud Passwords where available, as it enables Touch ID sign-in without any additional software.

Browser-integrated managers like 1Password may appear as the first option presented. Any of them is valid — if you'd prefer to use a different store, click the × to dismiss the one shown and choose another.

After dismissing any browser extension popups, macOS will present the Touch ID to Save Passkey dialog — we highly recommend accepting this. If you're on Chrome or a Chromium-based browser and cancel out of the Touch ID prompt, you'll be offered additional storage options: iCloud Keychain, a phone, tablet, or security key, or Your Chrome profile. We don't recommend the Chrome profile as your only passkey — but adding one as a convenience alongside your OS passkey is fine.

Once registered, you can use the passkey on your next sign-in instead of your password. You can add multiple passkeys — one per device is recommended.

Signing in with a passkey

Once a passkey is set up, the next time you sign in you can use the Log in with a passkey button below the standard email/password form. Click it and your device will prompt you for biometric confirmation (Touch ID, Face ID, Windows Hello, etc.) — no password needed.

Passkey as a second factor (MFA)

If you have Enhanced Security enabled on your account and have registered at least one passkey, Ploy will require a passkey verification step after a successful email & password sign-in. This means even a correct password alone isn't enough — your registered device must also confirm the sign-in.

This protects you in the event that your password is compromised. An attacker who obtains your password still cannot access your account without also passing the biometric check on one of your enrolled devices.

  • Applies to: email & password sign-ins when Enhanced Security is enabled and one or more passkeys are registered.
  • Not affected: Google sign-in (OAuth) — Google's own authentication handles security for those sessions.

To stop being prompted for a second factor, you can either remove all registered passkeys or disable Enhanced Security from the Security panel in your account menu. Note that removing all passkeys may prevent you from performing sensitive operations if your Organization has mandated Enhanced Security at the organizational level.

Removing a passkey

Go to Security in the account menu, find the passkey you want to remove, and click Delete. We recommend deleting passkeys associated with devices or accounts you no longer control. Deleting all passkeys from your account may prevent you from performing sensitive operations in your Organization if your organizational owner has mandated Enhanced Security at the organizational level.