Last updated
Last updated
Keyless helps organizations securely recover accounts and enroll new devices when users lose access to their originally enrolled device. These flows leverage the Keyless Mobile SDK.
Keyless offers two services that can be used as part of a device/account recovery experience.
For customers who have already established trusted alternative second factors such as passwords, SMS One-Time Passwords (OTPs), or email magic links. Keyless' face matching is typically used in combination with the existing factors to enroll the new device.
How it Works
The user downloads the app on a new device, enters their username and authenticates via a first factor (e.g., password, SMS OTP, email magic link).
Customers leverage the Keyless Mobile SDK to retrieve the KeylessID associated with the user and invoke a temporary state to enable secure account recovery.
This triggers the recovery flow via the Mobile SDK, which captures a selfie to authenticate against the originally enrolled user.
If successful, the new device is bound to the user’s identity, enabling ongoing authentication for login, step-up, or payment use cases.
Optional: Users can review and .
Customers can use our API to retrieve and delete devices bound to their users' identities. This allows users to have multiple devices, reducing both costs and security risks associated with device loss.
Customers use our GET and DELETE apis to create a “device management” experience, allowing users to:
View and manage their bound devices
Delete any device listed
Add a new device when needed
Find out more →
Find out more →
Find out more →
Find out more →
This page explains the options customers have when using Keyless to support an account recovery process, typically where the user loses access to the device with which they enrolled.