BuzzBID Passkey

1. Overview

BuzzBID lets users sign in with a passkey instead of typing a password every time. A
passkey is a modern, more secure way to log in that uses the security already built into the
user's own device — for example Windows Hello (fingerprint, face recognition, or a device
PIN), or even the user's phone.

Availability

Supported BuzzBID: passkeys are supported only on BuzzBID that uses Auth0sign-in and is version 25.11.10 or later; earlier versions do not support them.
Who can use a passkey: only non-SSO accounts. Users who sign in via SSO (single sign-on) are managed by their organization's identity system and do not use passkeys.

BuzzBID's sign-in is powered by Auth0, our identity provider. Because of this, there are two
ways a user can end up with a passkey:

During sign-in — after logging in with their email and password, Auth0 will offer to create a passkey for next time. This is the easiest path and most users will set up their passkey this way.
Anytime, from inside BuzzBID (Bandit and later versions) — the Help menu has a "Reset / Enroll Login Passkey" option to set up or replace a passkey on demand. This entry point is available in the Bandit version of BuzzBID and later.

This guide explains, in business terms, what a passkey is, both ways to set one up, what devices can hold one (including a phone), and how to answer the questions users will have.

A passkey is optional and additional. Users can still sign in with their normal email and password — a passkey is a faster, safer alternative they can choose to set up.

2. What Is a Passkey?

A passkey replaces the password with something the user already has and controls: their own device, unlocked by their fingerprint, face, or PIN.

	Traditional password Passkey	Passkey
What the user remembers	A password they must type	Nothing — just unlock their device
Where it lives	In the user's head (and at risk of being written down or reused)	Securely on the user's device (computer, phone, or security key)
Can it be phished or stolen?	Yes — passwords can be guessed, leaked, or entered on a fake site	No — a passkey only works with the real BuzzBID sign-in and never leaves the device
How the user signs in	Types email + password	Confirms with fingerprint /face / PIN on their device

In short: a passkey is like a key that lives safely inside the user's device. Signing in becomes a quick & "yes, it's me" confirmation instead of remembering and typing a password.

3. Before You Start

To set up and use a passkey, the user needs:

An eligible account and version — a non-SSO account, on a BuzzBID that uses Auth0 sign-in and is version 25.11.10 or later (see Section 1).
A way to unlock their device — see the list below.
An internet connection. Setting up a passkey involves a quick, secure check with Auth0, so the user must be online.

What can hold a passkey:

Where a passkey lives	How the user confirms it	Notes
This computer (Windows Hello)	Fingerprint, face camera, or by typing the Windows PIN	Requires Windows 10 (version 1903) or later. On older Windows, BuzzBID will say passkeys are not supported.
The user's phone (iPhone or Android)	The phone's fingerprint or face unlock, after scanning a QR code	A convenient option when the computer does not have a fingerprint or camera with face recognition hardware.
A security key	A tap or PIN on a physical FIDO security key	For users who already use hardware keys.

Most users will simply use Windows Hello on their own computer. A phone is a great alternative when the computer can't do fingerprint or face recognition.

About the Windows PIN: confirming with a PIN is not a single click — the user must type their Windows PIN code (the same PIN they use to sign in to Windows). Fingerprint or face recognition, by contrast, is just a quick scan.

4. Two Ways to Set Up a Passkey

Windows permission prompts you may see. At certain moments Windows itself (not BuzzBID) may show a small dialog with Yes / No buttons and the note "To change this later, go to the Settings app". There are two of them:

"Let BuzzBID enumerate your passkeys?" — usually when the sign-in window first opens. It asks whether BuzzBID may check which passkeys already exist on this device, so it can offer them on the "Continue with a passkey" button.
"Let BuzzBID create and use passkeys? — when creating a passkey. It asks whether BuzzBID may create a new passkey and use it on this device.

For both, choosing Yes is recommended so passkeys will function correctly. However, choosing No never locks anyone out — the user can still sign in with their email and password — but the matching step (listing or creating a passkey) won't work until it is allowed. Either choice can be changed later in the Windows Settings app.

4.1 The easy way — Auth0 offers it right after sign-in

This is the path most users will use, and it requires no menus.

The user signs in to BuzzBID with their email and password as usual.
In the same sign-in window, Auth0 asks whether they'd like to create a passkey for faster, more secure sign-in next time.
The window has two buttons and a checkbox:
1. Create a Passkey (button) the same as accepting: they confirm with Windows Hello (or choose their phone — see Section 5), and the passkey is created.
2. Continue without passkeys (button) they sign in to BuzzBID normally without creating a passkey this time.
3. Don't show me this again (checkbox) → if the user checks this checkbox before continuing, the create-passkey offer is suppressed for 30 days — on any machine they sign in from.

4.2 Anytime — from the BuzzBID Help menu (Bandit and later versions)

This setup path is available in the Bandit version of BuzzBID and later. Versions before Bandit do not show the "Reset / Enroll Login Passkey" item in the Help menu; users on those versions should set up a passkey via the sign-in offer in Section 4.1.

A user who skipped the offer, or who wants to replace an existing passkey, can set one up on demand:

In BuzzBID, open the Help menu and choose "Reset / Enroll Login Passkey."
A secure window asks the user to confirm their identity — they re-enter their account password. See Section 6 for why this extra step exists here.
After their identity is confirmed, Windows takes over briefly and shows its own passkey prompt (fingerprint, face, or PIN). This is the standard Windows dialog, not a BuzzBID screen.
Once the user completes the prompt, BuzzBID confirms with the message:

"Your new passkey has been successfully enrolled."

While BuzzBID is preparing the passkey, a short "please wait" overlay may appear. It disappears automatically the moment the Windows passkey prompt shows.

5. Using a Phone as a Passkey

A user can store the passkey on their phone instead of (or in addition to) their computer — handy when the computer has no fingerprint reader or face camera.

When creating a passkey (either path in Section 4), the user can choose the "use another device" option. Then:

A QR code appears on screen.
The user scans it with their phone's camera.
The phone asks them to confirm with its fingerprint or face unlock.
The passkey is created on the phone. From then on, the user can sign in by confirming

on their phone.

Why this is safe:
The computer and phone confirm they are physically near each other (using Bluetooth) before the passkey works. This means a QR code captured by someone far away is useless to them — they would have to be standing right next to the user. The user just needs Bluetooth turned on on both devices; if it's off, the phone will prompt them to turn it on.

6. Why the Help-Menu Setup Asks to Confirm Identity First

In the Help menu path (Section 4.2), BuzzBID deliberately asks the user to prove who they are again by re-entering their password before creating the passkey. This is an intentional security safeguard, not an inconvenience.

The reason: with this path, the user is already signed in. A passkey is a powerful, long-lasting way to access the account, so BuzzBID does not want someone who simply walked up to an already-signed-in computer to be able to attach a brand-new passkey. Requiring a fresh identity check means only the real account owner can add a passkey — even on an already-unlocked machine. It also pins the action to the currently signed-in account, so a passkey can't accidentally be created against the wrong account.

The sign-in offer in Section 4.1 does not need this extra step, because the user has just entered their password moments earlier.

7. Signing In with a Passkey Afterwards

Once a passkey is set up, the next time the user signs in to BuzzBID they can choose the passkey option on the sign-in screen and simply confirm with their fingerprint, face, or PIN (or on their phone) — no password typing required. The user's password still exists and continues to work; the passkey is an added, faster way in, not a replacement that locks anything out.

8. Resetting or Replacing a Passkey

This feature is available in the Bandit version of BuzzBID and later. The Help menu item Help, "Reset / Enroll Login Passkey" — is used both to set up a passkey and to replace an existing one (for example, after getting a new computer, or if a user simply wants a fresh passkey). Running it again walks through the same identity-confirmation and device prompt, and enrolls a new passkey.

9. If Something Goes Wrong

Create a HubSpot Support Ticket in the Contact's name and assign it to our IT Engineering team, who will work directly with the customer to resolve any issue.

Important:
If setup fails or is cancelled, the user stays signed in exactly as before — nothing about their existing account access is changed or removed. For the sign-in offer (Section 4.1), there is nothing to troubleshoot: clicking Continue without passkeys (optionally checking the Don't show me this again checkbox) simply continues into BuzzBID, and nothing about the user's account access changes.

10. Frequently Asked Questions

Do users still need their password?

Yes. The password still works. A passkey is an additional, more convenient and more secure way to sign in.

A user said BuzzBID asked them to create a passkey when they logged in — is that normal?

Yes. That is Auth0 (our sign-in provider) offering to set up a passkey for next time (Section 4.1). It is optional: they can click Continue without passkeys to sign in without creating one, and ticking the Don't show me this again checkbox hides the offer for 30 days (on any machine). See Section 4.1.

What are the "Let BuzzBID … passkeys?" boxes from Windows?

Those are Windows permission prompts (not BuzzBID's). There are two: "…enumerate your passkeys" (when the sign-in window opens — lets BuzzBID list existing passkeys) and "…create and use passkeys" (when creating a passkey — lets BuzzBID create and use one). Yes is recommended for both; No still allows password sign-in, and the choice can be changed later in the Windows Settings app. See Section 4.

Why can't a user see or use the passkey option?

Two common reasons: their BuzzBID is too old (it must use Auth0 sign-in and be version 25.11.10 or later), or the account signs in via SSO (single sign-on) — SSO accounts do not use passkeys.

Can a user set up a passkey if their computer has no fingerprint or face scanner?

Yes — they can use a Windows PIN (they will be asked to type their Windows PIN code, the same one used to sign in to Windows — it is not a one-click action), or set the passkey up on their phone by scanning a QR code (Section 5).

Is a passkey tied to one device?

A passkey is set up on the device the user chooses (their computer or their phone). A user can set one up on more than one device. If they get a new computer, they can simply set up a passkey there too.

Is it safe? Where is the passkey stored?

Yes. The passkey is stored securely on the user's device (by Windows, or by their phone) and never gets typed, emailed, or stored as a password would. It only works with the genuine BuzzBID sign-in, which is what makes it resistant to phishing.

What if a device is lost?

Because the password still works, the user is never locked out. They can sign in with their password (or another device's passkey) and set up a new passkey on a replacement device.

Does this cost anything or need extra hardware?

No extra cost. A Windows 10 (1903+) PC with Windows Hello (fingerprint, face, or PIN) works, and so does a modern phone — no special hardware required.