Skip to main content

Passkey Authentication

A faster, simpler, and more secure way to access the Global Expansion Platform

Written by Hemanth Chezhian
Updated over a month ago

1. Quick Overview

Vistra has introduced passkey-based authentication for the Global Expansion Platform (GEP), providing a modern, biometric-first way to sign in.

Instead of repeatedly entering passwords and secondary authentication codes, users can now securely access GEP using fingerprint, face recognition, or device credentials directly from their personal device.

🚀 Key Takeaway: Passkeys enable faster login with fewer steps, stronger security, and no need for SMS codes or authenticator apps.

2. What’s Changed

Previous Login Experience

Previously, when users were invited to a GEP organisation, they were required to:

  1. Enter an email address and set a password

  2. Verify their email using a Multi-Factor Authentification (MFA) email code

  3. Set up an authentication method (mandatory)

  4. Log in subsequently using email + password and an additional authentication method

While secure, this flow introduced friction - especially for non-technical users. Some authentication options were confusing, inefficient, or unreliable.

New Passkey-Based Experience

With this new enhancement:

  • Users are prompted (but not required) to create a passkey during first-time setup

  • Future logins can be passwordless using device biometrics

  • MFA is retained only as a fallback when a passkey is not used

This approach aligns with current industry security standards and significantly improves the onboarding and login experience.

3. What Is a Passkey?

A passkey is a secure, passwordless authentication method that uses your device’s built-in security.

Passkeys can be created using:

  • Biometrics

    • Fingerprint or face recognition (e.g. Apple Touch ID / Face ID, Windows Hello)

  • Device PIN or secure hardware credentials

Your passkey:

  • Is stored securely on your personal device

  • Is never shared with Vistra or any third party

  • Provides strong protection against phishing and credential theft

4. New Account & Login Flow

Creating a New GEP Account

1. Enter your email address and set a password


2. Verify your email via an MFA email code

3. You will be prompted to create a passkey (recommended, but optional)

4. Use your device’s biometric or security option to complete passkey setup

Signing In After Setup

  • With a passkey
    Simply unlock your device using fingerprint, face recognition, or device PIN

  • Without a passkey
    Sign in using email + password, with MFA as a fallback

5. Why Use a Passkey?

Simple and Fast

  • No passwords to remember

  • No authenticator apps to install

  • One-step sign-in from your personal device

Keep your account safe

  • Resistant to phishing attacks

  • More secure than traditional passwords

  • Uses hardware-backed device security

Your data is protected

  • Biometric data stays on your device

  • No sensitive information is shared or stored externally

6. Security, Compliance & Controls

  • Passkeys follow modern authentication and security standards

  • MFA remains available as a secure fallback option

  • All authentication activities continue to be audit-logged

  • Fully aligned with Vistra’s data protection and compliance obligations

7. Benefits

For Clients and Directors: Faster access to global entity data, advisory insights, and corporate services

For Non-Technical Users: No confusion around SMS codes or authenticator apps

For Enterprise Teams: Reduced onboarding friction with enterprise-grade security

8. Frequently Asked Questions

❓Is creating a passkey mandatory?
No. Passkeys are recommended but optional. You can continue using email + password with MFA.

❓What happens if I change devices?
Depending on your platform, passkeys may sync across devices (e.g. Apple ID or Google account).

❓Is my biometric data shared with Vistra?
No. Biometric data never leaves your personal device.

❓Can I still use MFA?
Yes. MFA is retained as a fallback authentication method.

9. Summary & Next Steps

Passkey-based login simplifies how you access the Global Expansion Platform by reducing friction while increasing security. With fewer steps and stronger protection, you can access your global entity estate, receive advisory insights, and request corporate services faster than ever.

📩 Contact: Reach out to your Vistra Relationship Manager or [email protected]

Did this answer your question?