Account Recovery

Keyless helps organizations securely recover accounts and enroll new devices when users lose access to their originally enrolled device. These flows leverage the Keyless Mobile SDK.

Keyless offers two services that can be used as part of a device/account recovery experience.

• Enroll a new device

• Managing multiple enrolled devices

Enroll a new device

For customers who have already established trusted alternative second factors such as passwords, SMS One-Time Passwords (OTPs), or email magic links. Keyless' face matching is typically used in combination with the existing factors to enroll the new device.

How it Works

1. The user downloads the app on a new device, enters their username and authenticates via a first factor (e.g., password, SMS OTP, email magic link).

2. Customers leverage the Keyless Mobile SDK to retrieve the KeylessID associated with the user and invoke a temporary state to enable secure account recovery.

3. This triggers the recovery flow via the Mobile SDK, which captures a selfie to authenticate against the originally enrolled user.

4. If successful, the new device is bound to the user’s identity, enabling ongoing authentication for login, step-up, or payment use cases.

5. Optional: Users can review and delete previously bound devices.

Find out more → Account Recovery (Mobile SDK)

Find out more → Retrieve and delete devices via API

Managing multiple enrolled devices

Customers can use our API to retrieve and delete devices bound to their users' identities. This allows users to have multiple devices, reducing both costs and security risks associated with device loss.

Customers use our GET and DELETE apis to create a “device management” experience, allowing users to:

• View and manage their bound devices

• Delete any device listed

• Add a new device when needed

Find out more → GET and DELETE user devices

Find out more → Add user device