
Passkey / WebAuthn Authentication Guide

Recommended method for most users

WebAuthn is the W3C standard for passwordless authentication using public-key cryptography. OwnBlock recommends it as the primary method: it is fast, secure, and requires no terminal or technical knowledge.

1. What are WebAuthn and passkeys?

WebAuthn (Web Authentication API) is a W3C standard that enables websites to authenticate users using public-key cryptography. The term Passkey is the industry-friendly name for syncable WebAuthn credentials.

The authenticator (your device or hardware key) generates a unique key pair for each site. The private key never leaves the device: the server stores only the public key and, at sign-in, receives only a signature over a one-time challenge. There is no password to steal.

  • Privacy: no email or personal identifier required.
  • Speed: registration and signing in take seconds with biometrics.
  • No password: nothing to lose, leak, or reuse.
  • Open standard: supported by all modern browsers and operating systems.

2. Compatible devices

Biometric authenticators

  • Face ID: iPhone and iPad models with Face ID
  • Touch ID — iPhone SE, MacBook Pro/Air with Touch ID
  • Windows Hello — fingerprint, face recognition or PIN on Windows 11
  • Android biometric — fingerprint or face recognition on Android 9+

Hardware keys (FIDO2)

  • YubiKey 5 — series 5 and above (USB-A, USB-C, NFC)
  • Nitrokey 3 — open-source option (USB-A, USB-C, NFC)
  • Google Titan Security Key — USB-A/NFC or USB-C/NFC
  • Trezor Safe 3 / Safe 5 — support FIDO2/WebAuthn; key stays in the hardware secure element (Safe series only)
  • Any FIDO2/WebAuthn certified key

Chrome, Firefox, and Safari support WebAuthn natively. No plugin or extension is required.

3. How to register with a passkey

  1. Go to /login and select the Create account tab.
  2. Enter your alias (no email required).
  3. Select the Passkey / WebAuthn method.
  4. Optionally enter a device label (e.g. MacBook, YubiKey, Trezor Safe 3).
  5. Your browser or OS prompts for your biometric or hardware key interaction.
  6. On successful registration, 5 recovery codes appear — save them immediately.

4. How to sign in

  1. Go to /login.
  2. Enter your alias.
  3. Select the Passkey / WebAuthn method.
  4. Authenticate with your device (biometrics or hardware key).

5. Adding multiple devices

From Settings → Authentication Methods → Add Passkey you can register additional devices.

It is recommended to register at least 2 devices (e.g. a laptop and a hardware key). Each registration is independent — losing one device does not lock you out as long as others remain active.

6. Recovery codes

When you create an account with a passkey, OwnBlock automatically generates 5 recovery codes. These codes are shown only once at account creation and cannot be retrieved afterwards.

Each code has the format: AAAAAAAA-BBBBBBBB-CCCCCCCC-DDDDDDDD (4 groups of 8 characters).

Use case: if you lose all your registered devices, recovery codes are the only way to regain access to your account.

After using a recovery code, go to Settings and generate a new set of 5 codes.

Without any registered device AND without recovery codes, the account is permanently and irrecoverably inaccessible. Store the recovery codes in a safe, offline location at account creation time.

7. Account lifecycle

OwnBlock accounts are automatically deleted after 7 days of inactivity. The 7-day counter resets with every successful sign-in — it only affects users who do not sign in for 7 consecutive days.

Why this policy exists: OwnBlock accounts exist exclusively to (1) create hashrate rental orders, (2) manage Telegram notification settings, and (3) access the support ticket service. There is no social profile, no saved payment method, no history beyond active orders. An inactive account means the user is simply not using any of these services — keeping it would only consume resources without purpose.

Practical implication: if you return to the platform after more than 7 days without signing in, you will need to create a new account. You can register the same passkey device — you will only need to choose a new alias.

8. Security

  • Private key never transmitted: the authenticator signs a challenge; only the signature leaves the device.
  • Each challenge is single-use: a signature produced for one sign-in is not accepted again, so replay attacks are impossible.
  • No password phishing: there is no password to intercept or reuse.
  • Trezor Safe 3 / Safe 5: keys are stored in the hardware-isolated secure element — even the computer has no access to them.
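The properties listed above (only a signature leaves the device, and each challenge is accepted once), modelled as an added Node.js example that is not OwnBlock's code. The origin URLs, function names and result strings are assumptions, the browser and authenticator are merged into one object, and authenticatorData is reduced to the RP ID hash.

```javascript
// Added example: simplified WebAuthn-style sign-in, not OwnBlock's code.
const crypto = require('node:crypto');
const ORIGIN = 'https://ownblock.example'; // placeholder origin (assumption)
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Device side (browser + authenticator merged): the private key stays in this closure.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // the only key material the server ever sees
    sign(challenge, origin) {
      const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
      const authenticatorData = sha256(Buffer.from(new URL(origin).hostname)); // rpIdHash only (simplified)
      // WebAuthn signs authenticatorData || SHA-256(clientDataJSON).
      const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
      return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
    },
  };
}

// Server side: holds the public key and the set of challenges it issued.
function createServer(publicKey) {
  const pending = new Set();
  return {
    issueChallenge() {
      const challenge = crypto.randomBytes(32).toString('base64url');
      pending.add(challenge);
      return challenge;
    },
    verify({ clientDataJSON, authenticatorData, signature }) {
      const client = JSON.parse(clientDataJSON.toString('utf8'));
      // delete() is false when the challenge was never issued or was already consumed.
      if (!pending.delete(client.challenge)) return 'unknown-or-used-challenge';
      if (client.origin !== ORIGIN) return 'bad-origin';
      const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
      return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad-signature';
    },
  };
}

function demo() {
  const device = createAuthenticator();
  const server = createServer(device.publicKey);
  const assertion = device.sign(server.issueChallenge(), ORIGIN);
  const first = server.verify(assertion); // fresh challenge, right key
  const replay = server.verify(assertion); // captured assertion sent again
  const phish = server.verify(device.sign(server.issueChallenge(), 'https://ownblock-login.example'));
  const forged = server.verify(createAuthenticator().sign(server.issueChallenge(), ORIGIN));
  return { first, replay, phish, forged };
}
```

The challenge is consumed before any other check, so a failed attempt also burns it and the client has to request a new one.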

If you suspect a device is compromised, remove it from Settings → Authentication Methods immediately.
