#  Passwordless Authentication 

 



#  Passwordless Authentication 

 Programs & initiatives 

Learn more about this faster, more secure way to sign into HarvardKey, including quick-start instructions



 

 

 

       ![Infographic showing how biometrics unlock a HarvardKey-protected resource](/sites/g/files/omnuum10811/files/styles/hwp_21_9__1920x825/public/2026-05/Passwordless%20Web%20Banner%20-%20light%20orange.png?itok=AnAXwyn5) 

 

 



 

 



 

##  Contents 

- [Overview](#overview)
- [Quick-start instructions](#instructions)
- [Learn more: What is passwordless authentication? ](#learn)
- [Get help / more resources](#help)



 

##  Overview 

Now that the University’s transition to Okta for identity verification is complete, we’re moving to the next phase of our efforts to protect Harvard against a nationwide rise in cyberattacks targeting higher education: requiring **“passwordless” authentication** for all Harvard staff.

Passwordless authentication with Okta means you verify your identity with your **fingerprint, facial recognition, or device-specific PIN**, keeping your HarvardKey account much more secure than using a traditional password.

To use passwordless authentication, you need to set it up on **all the devices** that you use to access HarvardKey-protected resources.

## Didn’t I already enable passwordless when I switched to Okta? 

Although many people at the University did enable passwordless authentication during the transition to Okta, **it was not automatic** and it requires additional steps. [**You can check whether you have passwordless authentication enabled on your devices at this link**](https://key.harvard.edu/manage-account/passwordless/readiness).

## What do I need to do?

**If you haven’t yet enabled passwordless authentication**, or if you need to set it up on additional devices, you can get started now by following the [quick-start instructions below](#instructions).

HUIT will also contact all remaining staff over the next few months to make sure everyone is able to set up passwordless authentication.



 

##  Quick-start instructions 

### First: Start with your primary mobile device

1. Open the Okta Verify app on your mobile device.
2. Select your account.
3. In the **Account Details** screen, under **Security** toggle on:
    1. **Android:** Screen lock confirmation or Face ID
    2. **Apple (iOS):** Face ID or Passcode Confirmation
4. Verify your identity when prompted.
5. The next time you sign into a HarvardKey-protected resource on this device, select **Okta Verify > Use Okta FastPass** to sign in with a passwordless authentication method.

### Next: Set up additional devices

After you’ve set up your primary mobile device, you need to enable passwordless authentication on **all other devices** that you use to sign into HarvardKey.

Start with these steps:

1. Make sure you have your primary mobile device with you
2. Download and install the Okta Verify app on your additional device, if you haven't already
3. Enable Bluetooth on **both** your primary device and your additional device
4. On your primary mobile device, open **Okta Verify**, select your account, and tap **Add account to another device**
5. Then, follow the specific steps listed below for each additional device that you have



 

  Open all sections   Close all sections  



###    Mac computer (Touch ID)  expand\_more  

1. [Turn on Touch ID & Password in your device settings](https://support.apple.com/guide/mac-help/use-touch-id-mchl16fbf90a/mac).
2. Click **Add account to another device** and keep the QR code visible.
3. On your Mac, open **Okta Verify** from the top menu bar and click **Add account**, then pair using the QR code or code.
4. When prompted, enable **Touch ID** and verify your identity.
5. When signing in, select **Okta Verify > Use Okta FastPass**.

 

 



###    Windows computer (Windows Hello)  expand\_more  

1. [Turn on **Windows Hello** (PIN, face, or fingerprint) in your device settings](https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0).
2. On your Windows computer, open **Okta Verify** and click **Add account**, then pair your devices.
3. Enable **Windows Hello** in Okta Verify and complete verification.
4. When signing in, select **Okta Verify > Use Okta FastPass**.

 

 



###    Additional iPhone or iPad  expand\_more  

1. On the new Apple device, open **Okta Verify**.
2. Tap **+ > Organization > Add account from another device**, then scan the QR code.
3. Enable **Face ID or passcode confirmation** and allow notifications.
4. Sign in using **Okta Verify > Use Okta FastPass**.

 

 



###    Additional Android device  expand\_more  

1. On the new Android device, open **Okta Verify**.
2. Tap **Add account from another device** and scan the QR code.
3. Enable **screen lock or biometrics** and allow notifications.
4. Sign in using **Okta Verify > Use Okta FastPass**.

 

 



 

 

 

 

##  Learn more: What is passwordless authentication? 

Traditional multifactor (or “two-step”) authentication methods such as push notifications, phone calls, or SMS messages still rely on entering a password which can be guessed, phished, or stolen via an insecure website. Passwordless authentication replaces passwords with either:

- **Your fingerprint or facial recognition (also known as “biometrics”)** using your device’s built-in fingerprint or face authenticators (e.g. Windows Hello, Touch ID, Face ID). Because biometrics are unique to you and stored securely on your device, they cannot be guessed or shared.
- **A device-specific PIN or passcode** that is encrypted and tied exclusively to your device. This PIN only grants access on the device where it was set up, so even if it’s stolen or guessed, it’s useless without physical access to your device.

In addition to significantly improving security, passwordless authentication makes signing in to HarvardKey faster and easier by verifying your identity directly on your device.



 

##  How does it work? 

Passwordless login uses a secure digital credential called a passkey, which is linked to your HarvardKey account.

When you sign in, your device verifies your identity using a fingerprint, face scan, or device PIN. This biometric information stays on your device and is never shared with Harvard or Okta.

After your identity is verified, your device uses the passkey stored on it to securely confirm that you are the account owner, allowing you to sign in without entering a password.

 

 



 ### 1. Confirm it’s you 

Using your device’s built-in security mechanism (e.g., Touch ID, Face ID, Windows Hello, or a device-specific PIN).



 

   ![Phone with Touch ID and Face ID icons displayed on the screen.](/sites/g/files/omnuum10811/files/styles/hwp_1_1__360x360_scale/public/2026-06/Step%201%20-%20Confirm%20its%20you.png?itok=MN495aum) 

 

 

 

 ### 2. Your device unlocks a private key. 

A unique, encrypted credential is unlocked — only accessible on your device.



 

   ![Phone with a key icon displayed on the screen.](/sites/g/files/omnuum10811/files/styles/hwp_1_1__360x360_scale/public/2026-06/Step%202%20-%20Unlock%20private%20key.png?itok=gK2JIzGx) 

 

 

 

 ### 3. Instantly sign in to HarvardKey. 

The private key securely authenticates you without a password.



 

   ![HarvardKey logo with a green checkmark above it.](/sites/g/files/omnuum10811/files/styles/hwp_1_1__360x360_scale/public/2026-06/Step%203%20-%20Sign%20into%20Harvardkey.png?itok=59dzXEwV) 

 

 

 

  

 

 

 

##  Get help / More resources 

 



 help\_outline 

 [### Contact the HUIT Service Desk

 ](/get-help)Submit a ticket, call, or chat online.



 

 

 check\_box 

 [### Passwordless status

 ](https://key.harvard.edu/manage-account/passwordless/readiness)Check which of your devices are enabled for passwordless.



 

 

 gpp\_maybe 

 [### Alternate authentication methods

 ](https://harvard.service-now.com/ithelp?id=kb_article&sys_id=3ead366f2b6eaed048cafa95e391bf91#alt)If you can't set up passwordless authentication, review these Okta alternatives.