Account Security
See all articlesHashKey Global Team
What is Passkey?
HashKey now supports passkeys for two‑step verification, delivering a code‑free experience and stronger account protection.
Learn more about passkeys on the FIDO Alliance website: https://fidoalliance.org/fido2/
1. Before You Start
You can create a passkey on:
- A mobile device running iOS 16.0.0 or Android 7.0 or later.
- A FIDO2‑compatible USB security key (also called a U2F key). It plugs into any USB port like a flash drive and can be used alongside iOS/Android as an extra layer of protection.
Note: If your iOS version is below 16.0.0 or you removed the built‑in Passwords app, you won’t be able to create a passkey. Please upgrade to iOS 16.0.0 or later and reinstall Passwords from the App Store (iOS 18 or later is required to install the app).
2. How do I set up a passkey for my account?
Step 1: Complete identity verification
- Go to HashKey User Center → Security Settings → Passkey → Manage → **Add Passkey**.
- To proceed, you must first verify your identity using your existing 2‑step verification.
Step 2: Create your passkey
After verification, follow the on‑screen instructions:
- Method A: Use this device as your passkey
Tap **Continue**, then complete Face/Touch ID or enter your device passcode.
- Method B: Create a passkey on another phone/tablet
Tap Other options → choose **iPhone, iPad or Android device**; scan the QR code with another device and approve on that device.
iOS: Devices signed in with the same Apple ID can use passkeys created previously.
Android: Passkeys rely on Google services; you must be able to access Google to use passkeys.
- Method C: Use a USB security key
Choose Other options → **Security key**; insert the hardware key and follow the prompts.
Step 3: View details and sign in
After creation, review your passkeys on the Passkey page.
Next time you sign in, choose Sign in with a passkey for a code‑free login. You can also use your passkey to quickly verify actions that require additional confirmation (e.g., withdrawals).
3. How do I delete a passkey?
Go to HashKey User Center → Security Settings → Passkey → Manage → **Delete**.
Deleting a passkey requires identity verification using your existing 2‑step verification.
4. What if my passkey doesn’t work?
During sign‑in, withdrawals, etc., if your passkey can’t be used, click “Passkey not working?” on the verification dialog, then switch to one of your other bound 2‑step verification methods.
HashKey Global Team
How should I set up my password to make it more secure?
When setting your account password, please follow the rules below to enhance your account security.
The password must be at least 8 characters in length and must contain at least an upper case letter, a lower case letter, and a number.
Please use different passwords for different accounts to avoid the loss of multiple associated accounts.
Please do not use important personal information or common words as passwords, and make sure the password is not related to your personal information.
Please update your passwords regularly and back them up securely to avoid using one password for too long. It is recommended that you change your password once every 90 days.
Password change process: Log in to your account - [Security Settings] - [Advanced Settings] - [Login Password].
HashKey Global Team
What is 2FA and why do I need to enable 2FA?
2FA stands for Two-Factor Authentication
It is an extra layer of security for your online accounts. When you enable 2FA, you not only need your password
to access your account but also a second factor, usually something you own, like a smartphone app that generates
a unique code or a physical device.
Why You Need to Enable 2FA:
-
Enhanced Security: Even if someone has your password, they cannot access your account without the second factor.
-
Protection Against Hacks: Passwords can be compromised through phishing or data breaches, but 2FA adds an extra hurdle for attackers.
-
Compliance: Some platforms require 2FA to meet regulatory or security standards.
In short, enabling 2FA significantly reduces the risk of unauthorized access to your account.
HashKey Global Team
How to set up 2FA( 2factor authentication)
- Firstly, you need to log into your HashKey Global account and on the right top corner click on your personal profile and select "Security Settings"
2.Choose either "Mobile Phone Verification" or "Google Verification" and click on "Settings" to proceed to the respective settings page.2.1 For Mobile Phone Verification: Enter your phone number, SMS verification code, and email verification code. Click "Confirm" to successfully bind the phone number.
2.2 For Google Verification:Download the Google Authenticator app.Add the provided key to the Google Authenticator app and make sure to back up the key.Enter the email verification code and Google verification code.Click "Bind" to successfully bind Google Verification.
HashKey Global Team
How to login to account if access 2FA verifications is lost?
If you have a Google Authenticator key, you can reinstall the Google Authenticator app and enter the key to set it up. The key will only be visible to you if you have activated Google Authenticator in your account. We strongly recommend that you backup this Google Authenticator key for future use in case you need to recover your Google Authenticator settings.
If you do not back up the Google authentication Key, don't worry, you can get assistance by contacting our customer support via live chat or email at support@global-cs.hashkey.com.
HashKey Global Team
Notice to Clients on Fraudulent Links and Websites
Protecting you against potential fraud is important to HashKey Bermuda Limited ("HashKey Global"), and as such, we have implemented a range of security measures to protect our clients. However, in the unlikely event that fraud occurs, or, if you suspect that fraudulent activity or irregularities may have occurred with respect to your account(s), you are advised to immediately contact our Customer Service Specialists through HashKey Global App/Website.
June 14, 2024
HashKey Global Warns Clients of Fraudulent Links and Websites
HashKet Bermuda Limited ("HashKey Global") would like to alert its clients and the general public to the following fraudulent websites, which purported to be from HashKey Global.
https[:]//hashkey[.]bond
https[:]//hskex[.]com
https[:]//www[.]hskexs[.]com
https[:]//hskexit[.]com
https[:]//www[.]hskexpro[.]com
https[:]//hskexco[.]com
https[:]//hskexw[.]com
https[:]//hashkeyhk[.]cc
https[:]//hashkey9[.]top
https[:]//hashkey[.]buzz
https[:]//andreaperdis[.]com
https[:]//hashkey[.]space
https[:]//hashkef[.]top
https[:]//hashkey[.]claims
https[:]//hashkeh[.]top
https[:]//dtdirl[.]com
https[:]//renors[.]com
https[:]//hashkeys[.]net
https[:]//hash.gocohsk[.]top
https[:]//jnxhlw[.]com/h5/#/
https[:]//hash.gofohsk[.]top
https[:]//shtaibai[.]com
https[:]//sgphykpool[.]com
https[:]//tohash-rs[.]top
https[:]//uculr[.]com
https[:]//tohash-cd[.]top
https[:]//hash[.]gorohsk[.]top
https[:]//hashkey[.]report/case/277821
https[:]//hashkey[.]ink/case/277821
https[:]//passports-hashkey[.]com/
https[:]//passport-hashkey[.]com/
https[:]//server[.]passport-hashkey[.]com
https[:]//webmail[.]hashkey[.]ink
https[:]//ftp[:]hashkey[.]ink
https[:]//www[:]hashkey[.]ink
https[:]//mail[:]hashkey[.]ink
https[:]//cpanel[:]hashkey[.]ink
https[:]//ftp[:]hashkey[.]report
https[:]//webmail[:]hashkey[.]report
https[:]//panel[:]hashkey[.]report
https[:]//mail[:]hashkey[.]report
https[:]//www[:]hashkey[.]report
https[:]//hashkey[:]solutions/case/2174496
https[:]//hashkey[:]contact/case/288153
https[:]//exchange-hashkey[:]com/zh-CN/login
https[:]//passport-hashkey[.]app/zh-TW/login
https[:]//hk-hashkey[.]com/case/761143
https[:]//hashkey[.]center/case/277821
https[:]//passport-hashkey[.]pro/
https[:]//szjingyue[.]com/h5/
https[:]//hash[.]goxohsk[.]top/#/login
https[:]//hash[.]uogohsk[.]top/
https[:]//hash[.]goqohsk[.]top/
https[:]//ktvrx[.]com/
https[:]//hash[.]gokohsk[.]top
https[:]//hashkey[.]huaguangled[.]com/h5/#/
https[:]//hashkey[.]cd-js[.]com/h5/#/
https[:]//hash[.]uopohsk[.]top/
https[:]//hashkey[.]sinoscn[.]com/h5/#/
https[:]//hashkey[.]yljttw[.]com/h5/#/
https[:]//hashkey[.]yljttw[.]com/h5/#/
https[:]//hash[.]gobohsk[.]top/
https[:]//hashkey[.]network/?airdrop
https[:]//x[.]com/HashKeyHSK/status/1912884668342354343
https[:]//x[.]com/HashKeyHSK/status/1912884668342354343
https[:]//hash[.]uoqohsk[.]top/
https[:]//123[.]bhjohash[.]top/
https[:]//hash[.]hocohsk[.]com/
https[:]//hash[.]uooohsk[.]top/https[:]//hash[.]hooohsk[.]com/
https[:]//www[.]hashcoin[.]sbs/#/
https[:]//hashkey-hk[.]vip
https[:]//hashkey[.]huobancehua[.]com/h5/#/
https[:]//www[.]hashglobalp[.]com/
https[:]//123[.]bhhohash[.]top/
https[:]//hash[.]aobohsk[.]top
https[:]//hash[.]hokohsk[.]com/
http[:]//hashkey11301[.]com/
https[:]//hashkey[.]chinainkcg[.]com/
https[:]//hashkey[.]bid/
https[:]//hashkey-hk[.]net/
http[:]//hash[.]aoeohsk[.]com/
http[:]//hash[.]hotohsk[.]com/
http[:]//hash[.]aodohsk[.]top
http[:]//hash[.]hhorohsk[.]top/
http[:]//hash[.]horohsk[.]com/
https[:]//hash[.]hhodohsk[.]top/
http[:]//hash[.]hotohsk[.]com/
http[:]//hash[.]aodohsk[.]top
http[:]//hash[.]hhorohsk[.]top/
http[:]//hash[.]horohsk[.]com/
https[:]//hash[.]hhodohsk[.]top/
https[:]//www[.]kgiiee[.]vip/
http[:]//hash[.]coiohsk[.]top/
http[:]//hash[.]coxohsk[.]top/
http[:]//hash[.]ehoxohsk[.]top/
http[:]//hash[.]ehoxohsk[.]top/
https[:]//www[.]hashglajr[.]com/
http[:]//hashkey712[.]com
http[:]//hashkey901[.]com
http[:]//hashkey91631[.]com
http[:]//hashkey7715[.]com
http[:]//hashkey80713[.]com
https[:]//hash[.]ehomohsk[.]top/
https[:]//h5[.]hashkey-global[.]asia/#/
http[:]//hash[.]gogohsk[.]top/
https[:]//h5[.]hashkey-global[.]asia/#/
http[:]//hash[.]gogohsk[.]top/
http[:]//hash[.]horohsk[.]com/
https[:]//glohaskahxg[.]com/#/
https[:]//ethaz[.]top/site/p2003/index[.]html
Https[:]//h5[.]hashkey-global[.]com/#/
https[:]//www[.]kgiiee[.]vip/
http[:]//hash[.]coiohsk[.]top/
https[:]//rwallet[.]com[.]hk/%e6%8a%95%e8%b3%87%e8%80%85%e6%a5%ad%e5%8b%99%e6%a2%9d%e6%ac%be/
https[:]//hashkey[.]qpon
https[:]//hashkeys[.]vip/
https[:]//hash[.]cowhsk[.]top/#/login
https[:]//hash[.]coyohsk[.]top/
https[:]//glohaskahxg[.]com/#/
https[:]//ethaz[.]top/site/p2003/index[.]html
Https[:]//h5[.]hashkey-global[.]com/#/
https[:]//www[.]kgiiee[.]vip/
http[:]//hash[.]coiohsk[.]top/
https[:]//rwallet[.]com[.]hk/%e6%8a%95%e8%b3%87%e8%80%85%e6%a5%ad%e5%8b%99%e6%a2%9d%e6%ac%be/
https[:]//hashkey[.]qpon
https[:]//hashkeys[.]vip/
https[:]//hash[.]cowhsk[.]top/#/login
https[:]//hash[.]coyohsk[.]top/
https[:]//2025[.]xokohsk[.]top/
https[:]//2025[.]xobohsk[.]top/
https[:]//hash[.]aavohsk[.]top
https[:]//hash[.]coyhsk[.]top/#/login
https[:]//hash[.]coyhsk[.]top/#/login
https[:]//hashkeyss[.]bar/#/home
To mislead clients, fraudulent websites will appear under different domain names or with slight modifications or variations
of the official HashKey Global website address www.hashkey.com by adding a combination of letters, numbers or symbols.
HashKey Global declares that it has no connection with the aforementioned fraudulent websites.
The websites are not affiliated with HashKey Global or its affiliates whatsoever. As such, we will not accept
liability for any matters relating to the websites.
To authenticate the liability of HashKey channels, you are highly recommended to visit our official website
https://global.hashkey.com/en-US/official-verification and HashKey Global App (Press the Icon on left top corner >
HashKey Official Channel Verification).
All cases above has been reported and bove websites have been blocked. If you are concerned that you may
have disclosed your personal information or have conducted any transactions through such channels, you can
contact your local police authority and contact our customer service support channel via our app/ website.