This guide walks through adding your first Passkey on MPChat from start to finish — from the two entry points (during wallet activation, or anytime from the Security Center), through the iOS / Android system prompts, to confirming the Passkey now appears in your list. Most users finish in under 90 seconds.
Add your first Passkey on MPChat
Before you start, make sure your device meets the floor (iOS 16 or Android 14, see Passkey overview) and that you are signed in to MPChat v1.5.0 or later. The flow below assumes Passkey has not been added yet.
Two entry points
There are two ways to start the Passkey creation flow, and they end at the same screen:
From the Wallet onboarding flow — when you first open Wallet after upgrading, MPChat shows a compliance step that includes "Set up your Passkey to open the wallet". The Passkey explainer page shown here is labelled "Use a Passkey to open your wallet"; once added, the app jumps directly into Wallet home.
From My → Security Center — tap the Passkey (biometric) row, or the "You haven't added a Passkey yet — add one to unlock more features" banner. The Passkey explainer page here is labelled "Use a Passkey to verify".
Step 1 — Pre-check your device
If your device does not meet the floor, MPChat blocks creation with the message "Your current device system is too old. Please use iOS 16 or Android 14 or later." Update your phone OS and try again.
If you are on an iPhone without the system Passwords app, MPChat shows a one-line tip on the Passkey page: "Before adding a Passkey, please make sure the Passwords app is installed on your iPhone." Tap Download Passwords app; this opens the App Store at https://apps.apple.com/mo/app/passwords/id6473799789. Install it once, then come back and continue.
On Android, MPChat detects whether Google Play Services is available. Most Android 14+ phones already have a Passkey provider (Google Password Manager); some Samsung devices may prompt you to use Samsung Pass instead — either is fine.
Step 2 — Verify one of your existing security factors
To prove the account is yours before binding a new credential, MPChat asks you to pass one of the three existing security factors (3-pick-1):
SMS verification code to your linked phone
Email verification code to your linked email
Google Authenticator 6-digit code
The choice is yours; whichever you can complete fastest is fine. If none of them are available, sign in via SMS / email recovery first, then come back to this step.
Step 3 — Confirm the system Passkey sheet
After the security check, the operating system takes over and shows its native sheet. Confirm with Face ID, Touch ID, or your device PIN. The first time you use Passkeys, iOS / Android may also ask you which password manager (Apple Keychain, Google Password Manager, Samsung Pass…) should store the credential.
The sheet shows the masked account identifier — for security, MPChat passes a masked email or phone (e.g. 144***@qq.com or +86 1859*****65) so the OS sheet shows you which MPChat account is being bound.
Step 4 — Confirm in the Passkey list
On success, MPChat returns to the Passkey list page and toasts "Added successfully". The new entry shows:
Name — defaults to your phone model (e.g. "iPhone 15 Pro"). Tap to rename, up to 20 characters.
Created at — the timestamp of this Passkey.
Last used — empty for a brand-new Passkey; populated after the first verification.
Capabilities — cross-device + scan icons (always shown), plus the biometric icons (Face / fingerprint) your device actually supports.
You can also open your phone's system Passwords app and you will see one new MPChat entry — that is the OS-side reflection of the Passkey you just bound.
What you can do once the Passkey is added
Sign in to MPChat with one tap, no SMS / email code (see Sign in with Passkey).
Confirm withdrawals, transfers, red packets, internal transfers, card actions (see Verify with Passkey for fund flows and card actions).
If you ever need to swap to a different credential, see How to reset your Passkey.
One Passkey per account, by design
MPChat allows exactly one active Passkey per account. You cannot delete it directly — to swap devices, use the Reset Passkey flow, which goes through Sumsub face liveness. This prevents an attacker who somehow obtains your unlocked phone from silently un-binding your account.
Got stuck?
Most issues fall into a small set of patterns — see Passkey troubleshooting for fixes to "device unsupported", "Passwords app missing", "system sheet closed by mistake", and more.