Skip to content

MFA & passkeys

niil supports several ways to prove who you are. Your organization decides whether a second factor is required; you decide whether to add a passkey.

The passkey management card in the profile page
Managing passkeys in your profile

Email one-time code (MFA)

When your organization enables login MFA, signing in with a password is followed by a 6-digit code sent to your email. Enter it to complete sign-in. The code is only ever delivered to your inbox — it's never shown in the browser.

Org admins turn this on under Organization → Security. It is on by default.

Passkeys (WebAuthn / FIDO2)

A passkey lets you sign in with your device's biometrics or PIN (Face ID, Touch ID, Windows Hello, a security key) — no password to type or phish.

Add a passkey from your profile:

  1. Open Profile → Passkeys.
  2. Choose Add passkey and follow your device/browser prompt.
  3. Give it a recognizable name (e.g. "MacBook Touch ID").

Sign in with a passkey by choosing the passkey option on the sign-in screen and confirming on your device. Passkeys are discoverable, so you don't even need to type your email.

A passkey is itself a strong second factor

Signing in with a passkey satisfies multi-factor requirements on its own (possession of your device + biometric/PIN), so niil does not additionally ask for an email code on a passkey login. Keep at least one other sign-in method (password or social) as a backup before removing all passwords.

Social sign-in

If you signed up with Google, Microsoft or GitHub, that provider is your login. You can link or unlink providers in Profile → Connected accounts — as long as you keep at least one working way to sign in.