Can passkeys be used together with other auth factors?

Yes, passkeys can be used alongside other authentication factors to provide multi-factor authentication (MFA) or layered security approaches. Depending on security requirements, organizations can implement passkeys as a standalone method or as part of a multi-factor authentication flow.

While passkeys alone provide strong phishing-resistant authentication, they can also be combined with other factors for added security, especially in high-risk environments. Examples include:

• Passkeys + Hardware Security Keys: Users authenticate with passkeys but may be required to verify using a physical security key (e.g., YubiKey) for sensitive actions.
• Passkeys + Device PIN or Biometrics: Some systems may enforce an additional PIN or biometric verification step before using a passkey.
• Passkeys + Context-Based Authentication: Organizations can introduce risk-based authentication, where passkeys alone suffice under normal conditions, but additional verification (e.g., email OTP or push notification) is required for unusual login attempts.

• Unlike password-based 2FA, passkeys eliminate the need for a password entirely.
• However, organizations can still require an additional MFA factor for high-security use cases, such as logging in from a new device or accessing sensitive data.

• Regulatory Compliance: Some industries (e.g., finance, healthcare) mandate multi-factor authentication for compliance with PSD2, HIPAA, or SOC2.
• High-Security Use Cases: Admin accounts, financial transactions, and enterprise logins may benefit from passkeys + a second factor.
• User Risk Profiling: Systems can assess risk levels and dynamically require additional authentication when necessary.

Passkeys are inherently secure, phishing-resistant, and can be used alone or combined with other authentication factors. While standalone passkeys offer strong security, organizations can enhance security further by pairing them with hardware tokens, biometrics, or adaptive risk-based authentication.