A security key is one of the most phishing-resistant ways to log in.

SMS codes and authenticator-app codes can still be tricked out of you or intercepted on a fake website; a security key is tied to the site's real web address, so it simply won't work on a spoofed site — stopping phishing and account takeover at the source. It also doesn't rely on phone signal or battery — just plug in, tap, and you're in.

They complement each other. Phone-based passkeys are convenient, but they're usually tied to a single phone or a particular cloud ecosystem — which can be a problem if your phone is lost, broken, or replaced.

A physical security key is independent of any phone or cloud, works across devices, and makes an ideal backup to your other keys. Many people use phone passkeys for everyday login and keep a physical key as a phone-independent backup and an extra layer of security.

• ATLKey is a FIDO-standard security key used for account login and identity verification.
• Working with supported websites and systems, it replaces or strengthens traditional password login, effectively preventing phishing attacks and account takeover.

No.

Like other standard FIDO security keys, ATLKey works directly with FIDO / Passkey-supported websites and browsers — no dedicated software to install.

Any service that supports FIDO2, WebAuthn, or Passkey — for example, Google, Microsoft, GitHub, and many enterprise systems and admin platforms.

Actual support and setup locations follow each service's own documentation.

• Most major platforms (such as Google, Microsoft, and Apple) ask you to set a PIN when you first register a security key, though whether a PIN is required can vary by operating system or website.
• For better security, we recommend confirming that your PIN has been set.

Whether a PIN is required depends on the website, the system, and the login method.

• In some cases (for example, when used only as a second verification step), the system may simply ask you to insert and tap the key.
• For Passkey / passwordless login or high-security accounts, a PIN is usually required.

This reflects each platform's security policy — it is not a malfunction of the key.

• The PIN protects your security key from unauthorized use by others.
• Some websites require you to enter the PIN as well to complete login or verification.

The PIN is stored on the security key and cannot be retrieved. If you forget it, you'll need to reset the key through your system and re-register it with each account.

We therefore recommend:

• Choosing a PIN that's easy for you to remember but hard for others to guess.
• Setting up a backup key in advance, or keeping an account recovery method available.

• If your primary key is lost, damaged, or unavailable, a backup key keeps you from being locked out of your accounts.
• Some services (such as Apple ID) also require at least two keys to be registered when enabling security keys.

Not if you've set up a backup key or an account recovery method in advance. Losing a single key won't lock you out — you can still log in with your backup key or a recovery code, then remove the lost key from your account.

This is exactly why we recommend registering at least two keys from the start: one for everyday use, and one kept somewhere safe as a backup.

If you lose your ATLKey, we recommend doing the following right away:

1. Log in to the accounts it's registered with (such as Google, Microsoft, etc.).
2. Remove the lost security key in each account's security settings.
3. Log in using a backup method (such as a backup key or recovery code).

Normally, no.

• A security key must first be registered to a specific account, and can only be used with the correct login process.
• Whether a PIN is required varies by each website's security settings.

We recommend enabling a PIN to further reduce the risk of loss or misuse.

We recommend not writing your PIN on paper kept in the same place as your security key. If the key and its PIN are lost together, security is greatly weakened.