What you need to know about Imperial’s Passkey first initiative
Here are some useful FAQs about the initial Passkey rollout at Imperial. This initiative is suppported by the University Management Board and everyone account at Imperial must have a passkey in place (where posisble) to improve our cyber security efforts and prevent the threat from hackers and phishing scams.
What you need to know about Imperial’s Passkey first initiative
- What is a passkey?
- Why is the university introducing passkeys?
- Do I have to set up a passkey?
- Where are passkeys stored?
- Can I use a passkey on multiple devices?
- Why aren’t synced passkeys allowed?
- Will I still need to use a password?
- Will using a passkey affect my access to my applications or email?
- Will passkeys work when over Wi-Fi?
- Which browsers support passkey authentication use?
- Do I need to use a passkey every time I sign in?
- What should I do if I receive an unexpected MFA, email, phone or SMS authentication notification?
A passkey is a secure, passwordless way to sign in to applications, websites and other services.
Instead of typing a password, you use your device (desktop, laptop, phone or security key) to confirm it’s you by authenticating with your:
- Fingerprint (Biometric Fingerprint Recognition)
- Face (Biometric Facial ID Recognition)
- Your PIN
Passkeys are both a passwordless authentication method and an alternative to Multi-Factor Authentication (MFA).
Passwords are one of the most common ways that our accounts are compromised; even strong passwords can be reused across sites and can be guessed or stolen through phishing scams.
Multi‑Factor Authentication (MFA) has helped improve security, but you can still be tricked into approving sign‑in requests from phishing emails, and attackers can sometimes intercept login codes, wich means they can hack your account.
Passkeys have evolved MFA authentication which means it is harder for hackers to access your account because:
- there is no password to steal or reuse
- nothing is typed in manually or shared
- sign‑in to oyur account only works on your trusted device
Yes, you must set up a passkey to protect all core Imperial applications, services and websites.
We are not removing the use of passwords or MFA yet due to current technical and operational constraints (e.g. legacy applications, protocol limitations, integration dependencies).
However, we will reduce reliance on passwords over time.
Passkeys are stored on your device (e.g. phone, laptop, or hardware key).
Your passkey won't be shared with the university and won't be visible to ICT.
Yes, you can register up to ten unique keys per device on each of your accounts using one or more of the following methods:
- your smartphone
- laptop (MacOS and Windows devices)
- a hardware key (Yubi key)
Synced passkeys are considered a risk because:
- They can be copied across multiple personal devices and cloud accounts.
- They may sit outside university-managed security controls.
This makes it harder for ICT to:
- Ensure accounts are protected to the required security standard.
- Limit access if a device or personal account is compromised.
By using device-bound passkeys (stored only on a single device or hardware key), for this initial rollout, we can:
- Reduce the risk of unauthorised access
- Keep authentication tied to devices you directly control
- Better protect sensitive research and university data
We recommend using a second passkey on another device as a backup authentication method.
Yes, you will still need a password because:
- You are using a role, system or shared account.
- You are using a local account on your desktop, laptop or other system
- Some older or unsupported services may still require a username and password to sign in.
- Some older or unsupported services use sign-in methods that require your device to be physically nearby and able to connect locally.
NB: Some of our older systems and services include: Group Space file shares and Remote desktops (AVD and virtual servers), and shared lab equipment. If you know of any other services that should be listed here please contact the ICT Service Desk.
No, most modern applications support passkeys or MFA through the Microsoft Authenticator app.
Other authentication methods will remain available for any applications and services that do not support passkeys.
You can also use other authentication methods if you are using remote desktops or lab systems.
Yes, passkeys will work on Imperial-managed and other Wi‑Fi networks.
In some scenarios, such as when using network bridges, certain sign-in methods require your device to be physically nearby and able to connect locally.
The table below shows which browsers, and operating systems support the use of passkey authentication:
| Device or OS | Browsers | |||
|---|---|---|---|---|
| Google Chrome | MS Edge | Mozilla Firefox | Apple Safari | |
| Android | Yes | Yes | No | NA |
| ChromeOS | Yes | NA | NA | NA |
| iOS | Yes | Yes | Yes | Yes |
| Linux | Yes | Yes | Yes | NA |
| macOS | Yes | Yes | Yes | Yes |
| Windows | Yes | Yes | Yes | NA |
| Supported operating environments | 76 or later | Windows 10 version 1903 or later with Chromium-based Microsoft Edge | 66 or later |
Catalina 11.1 or later iOS 17 or later with Safari 14 |
Further information on Microsoft Entra ID supported browsers is available.
You may not be prompted to sign in every time you use applications and services as long as your device is trusted.
You may still be asked to authenticate from time to time for security checks or when accessing sensitive Imperial data, products, or services.
If you receive an unexpected MFA, email, phone or SMS authentication notification:
- Do not approve the request
- Select the 'No, it’s not me' option if this is available
- Report this to ICT Security - see Contact ICT Security for more information.
Get more FAQs
Support and further guidance
- Contact the ICT Service Desk for general passkeys enquiries and support
- Request a hardware key (ubikey/fido key).
- Report suspicious or unexpected behaviours to ICT Security.
- For anything related to our Passkey Champions network contact Ingrid Joannou
- Keep up with the latest cyber guidance on our Be Secure webpages.