Skip to main content

A secure-by-default account

Treasury is built to be secure without you having to think about it. Because sign-in is passwordless, the most common way accounts get compromised — a stolen, reused, or phished password — simply doesn’t apply.

Passkeys are phishing-resistant

When you sign in with a passkey, authentication happens on your device using Face ID, Touch ID, or a hardware security key. The secret never leaves your device and is tied specifically to Treasury, so it can’t be:
  • Phished — there’s nothing to type into a fake login page.
  • Reused — each passkey is unique to Treasury.
  • Leaked in a breach — Treasury never stores a password to lose.
This gives you strong, modern protection out of the box — the kind that traditional password-plus-2FA setups are trying to approximate.

Keep a backup sign-in method

The most important thing you can do for your account is keep at least two sign-in methods connected — for example a passkey on your phone and Google. That way, if you lose a device, you can still get in and add a new passkey. Manage your methods under Settings → Account → Sign-in Methods.
Add a passkey on each device you use Treasury from, and connect a provider account (Google or Apple) as a fallback. Two independent ways in means you’re never locked out.
Removing your only sign-in method, or losing the single device that holds your only passkey, can lock you out. Always keep a second method connected.

Authentication

Add and manage passkeys and connected accounts.

Connected Accounts

Use Google or Apple as a backup sign-in.