Guide to Security Keys

  • updated 5 mths ago

If you want to give your Mercury account an additional layer of protection, add a security key, which will then become your default method of 2-Factor Authentication. Security keys require you to have a device in your physical possession and are immune to phishing.

Picking a security key

Depending on your OS or browser preferences, you have a couple of options:

Touch ID

Touch ID is built into recent MacBooks and Magic Keyboards, so it’s pretty handy for Apple users. But be aware: if you use multiple browsers, you’ll need to register Touch ID separately on each of them. Your Touch ID will only work on the device you set it up from, meaning if you happen to use your keyboard on multiple devices, be sure to add a new key.  

Windows Hello

Windows Hello allows you to authenticate using a PIN, facial recognition (via a compatible webcam), or fingerprint (via a compatible fingerprint reader). It will only work on the computer you set it up from, but once it is registered, you can use it on any browser.

USB security key

Popular brands like Yubikey or Titan work on all major operating systems and devices, but you’ll need to purchase them separately. It needs to be registered once and then can be used for authentication on any compatible device.

Push notifications

You can register your phone to receive a push notification via Bluetooth from several supported browsers. Note, when you register your phone, you’ll have to confirm it via the method you use to unlock your phone: Face ID, fingerprint/Touch ID, password, or PIN. If your phone only requires a swipe to unlock, you won’t be able to use phone push notifications.

        Note: Safari added support for phone push notifications in version 15.4

Browser compatibility

Adding a security key

  1. Click your name in the lower-left corner of your dashboard
  2. Go to Settings, then Security
  3. Under 2-Factor Authentication, find Security Keys
  4. Click Add Security Key
  5. Follow the browser-specific prompts
  6. Add a nickname for your security key
    • If you’re setting up security keys on multiple browsers, we recommend naming them based on key type and browser (e.g., Chrome Touch ID)  


Logging in with a security key

  1. Enter your email address and password as usual on Mercury.com
  2. Next, you’ll see a Verify Login screen, where you can click Use Security Key
    • If you select Trust this device for 30 days, you’ll be able to log in using just your email and password for the next 30 days
  3. Select your desired key and follow the browser prompts to log in



Do I still need an authenticator app if I use a security key?

Yes. Because some form of 2FA is always required, it’s good to keep your authenticator app handy in case you’re unable to use your security key.

I’ve lost access to my security key. What should I do?

No problem, life happens. You can still log in using your authenticator app or a single-use backup code. Or, if all else fails, contact our Support Team. Once you’ve logged in, make sure to remove that lost security key from your account by going to Settings > Security.

My security key isn’t working. What should I do?

If you’re using fingerprint or facial recognition, try again, as it may have just gotten a weird read the first time. If you’re using phone push notifications, ensure your phone is near your computer and that both devices are connected to the internet and have Bluetooth enabled.

If you’re still having issues, use an authenticator app or single-use backup code to log in instead. Then, contact support with as much information as possible (browser name/version, type of security key, screenshots) to help us resolve your issue.

Reply Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular

Need more help?

Email help@mercury.com and we're happy to assist.