Bind a passkey to the portal.

§ why passkey

The portal is the human-facing surface for your lockers. A passkey binds portal access to a hardware-backed credential on your device (Touch ID, Face ID, security key). There are no passwords, no TOTP codes, no recovery emails. The passkey is the only way in.

1 · Open the owner portal

$ open https://portal.nukez.xyz/owner
# first visit triggers WebAuthn enrolment

2 · Register a credential

Your browser prompts for a biometric or hardware-key confirmation. The resulting credential is stored on your device and a public-key record is stored at Nukez. We never see your private credential.

3 · (Optional) enrol additional devices

Passkeys are per-device by default. If you want portal access from a second device, add a second credential — the portal supports up to eight concurrent credentials per owner.

§ relationship to signing keys

The passkey authenticates you to the portal (the UI). It is separate from the Ed25519 / secp256k1 signing key that authorises gateway envelopes. See multi-keypair for how the two layers compose.