Documentation Hub
Start Here
Start Here
  • Keyless: an overview
  • Enrollment
  • Authentication
  • Account Recovery
Powered by GitBook
On this page
  • Enroll a new device
  • Managing multiple enrolled devices

Was this helpful?

Account Recovery

This page explains the options customers have when using Keyless to support an account recovery process, typically where the user loses access to the device with which they enrolled.

Last updated 4 months ago

Was this helpful?

Keyless helps organizations securely recover accounts and enroll new devices when users lose access to their originally enrolled device. These flows leverage the Keyless Mobile SDK.

Keyless offers two services that can be used as part of a device/account recovery experience.

Enroll a new device

For customers who have already established trusted alternative second factors such as passwords, SMS One-Time Passwords (OTPs), or email magic links. Keyless' face matching is typically used in combination with the existing factors to enroll the new device.

How it Works

  1. The user downloads the app on a new device, enters their username and authenticates via a first factor (e.g., password, SMS OTP, email magic link).

  2. Customers leverage the Keyless Mobile SDK to retrieve the KeylessID associated with the user and invoke a temporary state to enable secure account recovery.

  3. This triggers the recovery flow via the Mobile SDK, which captures a selfie to authenticate against the originally enrolled user.

  4. If successful, the new device is bound to the user’s identity, enabling ongoing authentication for login, step-up, or payment use cases.

  5. Optional: Users can review and .

Managing multiple enrolled devices

Customers can use our API to retrieve and delete devices bound to their users' identities. This allows users to have multiple devices, reducing both costs and security risks associated with device loss.

Customers use our GET and DELETE apis to create a “device management” experience, allowing users to:

  • View and manage their bound devices

  • Delete any device listed

  • Add a new device when needed

Find out more →

Find out more →

Find out more →

Find out more →

Account Recovery (Mobile SDK)
Retrieve and delete devices via API
GET and DELETE user devices
Add user device
Enroll a new device
Managing multiple enrolled devices
delete previously bound devices