> ## Documentation Index
> Fetch the complete documentation index at: https://docs.treasury.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Account Security

> How Treasury keeps your account secure with passkeys and connected sign-in.

## A secure-by-default account

Treasury is built to be secure without you having to think about it. Because sign-in is [passwordless](/account/security/changing-password), the most common way accounts get compromised — a stolen, reused, or phished password — simply doesn’t apply.

## Passkeys are phishing-resistant

When you sign in with a **passkey**, authentication happens on your device using Face ID, Touch ID, or a hardware security key. The secret never leaves your device and is tied specifically to Treasury, so it can’t be:

* **Phished** — there’s nothing to type into a fake login page.
* **Reused** — each passkey is unique to Treasury.
* **Leaked in a breach** — Treasury never stores a password to lose.

This gives you strong, modern protection out of the box — the kind that traditional password-plus-2FA setups are trying to approximate.

## Keep a backup sign-in method

The most important thing you can do for your account is keep **at least two sign-in methods** connected — for example a passkey on your phone *and* Google. That way, if you lose a device, you can still get in and add a new passkey.

Manage your methods under [**Settings → Account → Sign-in Methods**](https://app.treasury.sh/settings/account).

<Tip>
  Add a passkey on each device you use Treasury from, and connect a provider account (Google or Apple) as a fallback. Two independent ways in means you’re never locked out.
</Tip>

<Warning>
  Removing your only sign-in method, or losing the single device that holds your only passkey, can lock you out. Always keep a second method connected.
</Warning>

## Related

<CardGroup cols={2}>
  <Card title="Authentication" icon="key" href="/account/authentication">
    Add and manage passkeys and connected accounts.
  </Card>

  <Card title="Connected Accounts" icon="link" href="/account/security/connected-accounts">
    Use Google or Apple as a backup sign-in.
  </Card>
</CardGroup>
