Pular para conteúdo principal
Carregando...

How to set up and use passkeys in MetaMask Extension

informações

Biometric unlock using passkeys is available for SRP-accessed accounts only. If you access MetaMask with a Google/Apple login, this feature is not currently supported.

Like MetaMask Mobile where you can unlock your wallet using Face ID or your fingerprint, MetaMask Extension now supports passkeys, allowing you to unlock your wallet with biometrics like Touch ID instead of typing your password every time.

This guide explains how to set passkeys up, how they work, and what to expect.

What are passkeys?

Passkeys are a stronger, simpler alternative to passwords. Unlike a password, which is a secret you type and can be phished, leaked in a data breach, or forgotten, a passkey is a cryptographic key that lives on your device. You never see it or type it. Your device handles everything, and nothing “secret” is ever sent over the internet.

When you unlock MetaMask Extension with biometrics, your device uses your fingerprint or face to confirm it's you, then uses the passkey to unlock your wallet automatically. The passkey is bound to MetaMask specifically, so even if someone tricks you into visiting a fake site, your passkey cannot be used there.

In short: passkeys can't be leaked, can't be phished, and can't be guessed, making them more secure than a password alone.

How to set up a passkey

Passkeys can be set up on MetaMask Extension when creating a new wallet during onboarding, or enabled/disabled within settings at any time.

During onboarding:

  • Click 'Set up Biometrics'
  • Choose the method you want (Google Password Manager, iCloud Keychain, browser profile, etc.)
  • Register and validate Touch ID (or the biometric available on your device)
  • Done! When you open MetaMask, select 'Unlock with Biometrics' to access your wallet
    • You can also fall back to unlocking with your password at any time

Within Settings:

  • Click the menu icon in the top right
  • Select 'Settings' > 'Security and Privacy'
  • Toggle 'Unlock with Biometrics', then click 'Set up Biometrics'
  • Enter your password to continue
  • Choose the method you want (Google Password Manager, iCloud Keychain, browser profile, etc.)
  • Register and validate Touch ID (or the biometric available on your device)

To disable passkeys:

  • Click the menu icon in the top right
  • Select 'Settings' > 'Security and Privacy'
  • Toggle 'Unlock with Biometrics' to disable it
dica

Make sure you know your password before disabling your passkey as it will be the only way to unlock your wallet once touch ID is turned off. If you do not have your password, you will need to use your SRP to restore access to your wallet.

Your SRP and security

Enabling biometric unlock does not change how your wallet is protected or how recovery works:

  • Your SRP remains the only true recovery mechanism. If you lose access to your device or need to restore your wallet on a new one, you'll always need your SRP. The passkey cannot substitute for it.
  • Your password is always available as a fallback. If biometric verification fails or your passkey is deleted, you can still unlock with your password as normal.
  • Your passkey is device- and instance-specific. Because your vault lives locally on your device, a passkey set up in one MetaMask instance only works for that instance. If you import your SRP into a new MetaMask installation, you'll go through the standard setup flow and can then set up a new passkey for that instance. Your old passkey will not carry over.
SRP importance

Even with biometric unlock enabled, always keep your SRP stored safely offline. It is the only way to restore your wallet if you ever lose access to your device.

Questions

Does my passkey sync across devices?

Not in a way that lets you use it on another MetaMask instance. Depending on your device and OS, your passkey may sync to a cloud account (such as iCloud Keychain or Google Password Manager). However, the encrypted vault it unlocks only exists on the specific device where the passkey was created. A synced passkey from another device won't work with a different MetaMask instance (on a different device). Each instance requires its own passkey setup.

Why is it taking so long to load?

If you attempt to unlock with biometrics in the side panel and either cancel the prompt or fail verification, the side panel is not immediately notified that the attempt was unsuccessful. The loading spinner will continue for up to 30 seconds before the ‘Unlock with Biometrics’ button reappears. This is a known limitation that cannot be fixed at this time.

To retry and load sooner, open MetaMask in full-screen mode and attempt biometric unlock from there.

How does biometric unlock actually work?

Your passkey is a separate layer that sits on top of your existing wallet security. It doesn't replace your password or touch your Secret Recovery Phrase (SRP) in any way.

  • Your password derives a local encryption key that protects your vault — where your SRP and account data are stored, encrypted, on your device.
  • When you set up a passkey, it generates a separate wrapping key that encrypts a copy of that local encryption key and stores it locally.
  • When you unlock with biometrics, the passkey unwraps the local encryption key, which decrypts your vault — skipping the password entry step entirely.

Your SRP is never involved, and your password always works as a fallback.

Was this helpful?
Connect MetaMask to provide feedback
What is this?
This is a trial feedback system that uses Verax to record your feedback as onchain attestations on Linea Mainnet. When you vote, submit a transaction in your wallet.