Selecting and adding security keys
You can give your Mercury account an extra layer of protection by adding a security key as your default method of 2-Factor Authentication (2FA). Security keys require you to have a physical device in your possession (which makes them harder to crack) and are immune to phishing.
Security key options
Depending on your OS or browser preferences, you have a couple of options:
Touch ID is built into recent MacBooks and Magic Keyboards, so it’s pretty handy for Apple users. But be aware: if you use multiple browsers, you’ll need to register Touch ID separately on each of them. Your Touch ID will only work on the device you set it up from, meaning if you happen to use your keyboard on multiple devices, be sure to add a new key.
Windows Hello allows you to authenticate using a PIN, facial recognition (via a compatible webcam), or fingerprint (via a compatible fingerprint reader). It will only work on the computer you set it up from, but once registered, you can use it on any compatible browser.
Passkeys are a new technology that syncs your security keys via the cloud (e.g. iCloud keychain, Google Password Manager, etc). They're a great option if you like the convenience of Touch ID or Windows Hello but want something with more compatibility across your various devices and browsers. Please note: you'll still need to log in with your email and password first when using passkeys, and they may not be supported on all devices, operating systems, or browsers yet.
USB security key
USB security keys are small, physical devices that you can plug in to your computer’s USB port to authenticate. Popular brands like Yubikey or Titan work on all major operating systems and devices, but you’ll need to purchase them separately. Once registered, they can be used for authentication on any compatible device.
You can register your mobile device to receive a push notification via Bluetooth. When you register, you’ll have to confirm via the method you normally use to unlock your device (such as Face ID, fingerprint/Touch ID, password, or PIN). If your mobile device only requires a swipe to unlock, you won’t be able to use push notifications.
Adding a security key
- Click your name in the lower-left corner of your dashboard.
- Go to Settings, then Security.
- Under 2-Factor Authentication, find Security Keys.
- Click Add Security Key.
- Follow the browser-specific prompts.
- Add a nickname for your security key.
- If you’re setting up security keys on multiple browsers, we recommend naming them based on key type and browser (e.g., Chrome Touch ID).
Logging in with a security key
- Enter your email address and password as usual on Mercury.com.
- Click Use Security Key when presented with the 2FA step.
- If you select Trust this device for 30 days, you’ll be able to log in using just your email and password for the next 30 days
- Select your desired key and follow the browser prompts to log in.
Do I still need an authenticator app if I use a security key?
Yes. Because some form of 2FA is always required, it’s good to keep your authenticator app handy in case you’re unable to use your security key.
I’ve lost access to my security key. What should I do?
No problem, life happens. You can still log in using your authenticator app or a single-use backup code. Or, if all else fails, contact our Support Team. Once you’ve logged in, make sure to remove that lost security key from your account by going to Settings > Security.
My security key isn’t working. What should I do?
If you’re using fingerprint or facial recognition, try again, as it may have just gotten a weird read the first time. If you’re using a mobile device as your security key, ensure your device is near your computer and that both devices are connected to the internet and have Bluetooth enabled.
If you’re still having issues, use an authenticator app or single-use backup code to log in instead. Then, contact support with as much information as possible (browser name/version, type of security key, screenshots) and we can help resolve the issue.