Secure your PlayStation account with a passkey and 2-step verification

Account takeovers are one of the most frustrating problems on PlayStation. The good news is that Sony now offers two strong tools to protect you: passkeys and 2-step verification (2SV).

A passkey replaces your password with a sign-in method tied to your device (Face ID, fingerprint, or a screen lock). PlayStation describes passkeys as a faster and more secure way to sign in.
2-step verification (2SV) adds a second code (from an authenticator app or SMS) when you sign in with a password, and it includes backup codes for emergencies.

This guide shows how to set up PlayStation passkey and 2-step verification, plus the exact troubleshooting steps that fix most lockouts.

Before you start: what you need

  • Access to your PlayStation account email inbox (recommended for recovery).
  • A phone or computer that supports passkeys (PlayStation notes most iOS 16+ or Android 9+ devices support passkeys).
  • Your PS5 updated to current system software (recommended for the smoothest security settings experience).
  • A safe place to store backup codes (password manager, offline note, or printed copy).

Passkeys vs 2SV: what each one protects (and why you should use both)

Passkeys: the best everyday sign-in

Passkeys are a password replacement. You sign in using your device unlock method instead of typing a password. PlayStation positions passkeys as phishing-resistant and more secure than passwords.

Passkey sign-in is supported on PS5, PS4, the PlayStation website, the PlayStation App, and Remote Play for Mac (per PlayStation’s passkey FAQ).

2-step verification: a strong safety net for password logins

2SV protects sign-ins that still use a password by requiring a second code (authenticator app or SMS). PlayStation’s 2SV page also highlights backup codes you should save during setup.

Practical recommendation:

  • Use a passkey as your main sign-in method.
  • Keep 2SV enabled if you still sign in on devices or flows that use passwords, and to add an extra layer to password-based access.

Step 1: Set up a PlayStation passkey

You can set up a passkey either through Account Management (web/app) or directly on PS5.

Option A: Set up passkey in Account Management (web)

  1. Sign in to Account Management.
  2. Go to Security and enable Sign in with Passkey.
  3. Select Create a Passkey and follow the on-screen steps.
    PlayStation notes you’ll receive an email confirmation after creating a passkey.

Option B: Set up passkey on PS5

  1. Go to Settings → Users & Accounts → Account → Security → Sign in with Passkey.
  2. Scan the QR code with your mobile device, then select Create a Passkey and follow the prompts.

Add a second passkey (highly recommended)

If you have more than one device ecosystem (for example, iPhone + Windows PC), add at least one additional passkey. PlayStation lets you manage passkeys and add more from Security → Manage Passkeys.

Step 2: Turn on 2-step verification (2SV) and save backup codes

PlayStation supports 2SV via Authenticator App or Text Message (SMS).
If you can choose, an authenticator app is usually the better long-term option because it doesn’t depend on your carrier.

Set up 2SV online (Account Management)

  1. Sign in to Account Management and select Security.
  2. Next to 2-step Verification Status, select Edit.
  3. Choose Authenticator App or Text Message.
  4. Scan the QR code (or enter the provided code), then enter the verification code and select Activate.
  5. Record your Backup Codes when prompted.

Set up 2SV on PS5

  1. Go to Settings → Users and Accounts → Security → 2-Step Verification.
  2. Choose Authenticator App or Text Message, follow the prompts, then record your Backup Codes.

Store your backup codes properly

PlayStation’s support flow treats backup codes as your “break glass” option when you lose your phone. Each code is single-use, so store them somewhere secure and accessible.

Step 3: Lock down your console and purchases (often overlooked)

Even the best account security can’t help if someone can pick up your controller and buy things.

Require a console passcode at sign-in

PlayStation explicitly recommends setting up “Require Passcode at sign-in” as a security best practice to prevent unwanted local sign-ins on your console.

Protect PlayStation Store purchases

Enabling Require Password at Checkout helps block accidental or unauthorized purchases.
Important detail: PlayStation notes this setting is not compatible with your account if you have passkeys set up.
If you use passkeys, focus on console passcode protection and keeping your account secure instead.

Sign out on all devices if you suspect someone accessed your account

PlayStation allows you to sign out of all devices from Account Management under Security.

Troubleshooting: fix passkey and 2SV issues fast

“I can’t sign in with my passkey”

PlayStation’s passkey support page says to choose “Can’t Sign In with Passkey” on the sign-in screen and sign in via email or QR code.
They also flag a few common passkey problem areas:

  • Remote Play on Mac issues: revert to password sign-in.
  • Outdated browser: update, or revert to password sign-in.
  • Some Android/Windows combinations: use the “Can’t Sign In with Passkey” fallback.

“I lost my phone—what now?”

If you still have another device with the same passkey system/password manager, PlayStation says you may be able to sign in using that device and then register a new passkey. If you can’t, they direct you to support via Online Assistant.

“I didn’t receive my 2SV code”

PlayStation’s 2SV issues guide recommends:

  • Use Resend Code and wait a few minutes.
  • Restart your phone and check airplane mode/network signal.
    If it still fails, they point you to PlayStation Support.

“I have backup codes—how do I use them?”

PlayStation explains you can choose the backup-code path on the sign-in flow (for example, Trouble Receiving Code? → Sign In Using a Backup Code) and enter one of your codes.
On PS5, they also outline signing in normally and entering a backup code on the 2SV verification screen.

“I don’t have backup codes”

PlayStation states you’ll need to contact support to restore access if you don’t have backup codes and you’ve lost access to your phone/number.

What to do if you think your account was compromised

If something feels off (unexpected sign-in notifications, password changes, strange purchases), act fast:

  1. Sign out on all devices (Account Management → Security).
  2. Recover and secure your account using PlayStation’s recovery and security guidance.
  3. Enable passkey + 2SV (or re-check that both still show as active).

Key takeaways

  • Turn on a passkey for the safest everyday sign-in.
  • Enable 2SV and store your backup codes like you’d store a spare house key.
  • Add local protection: Require Passcode at sign-in and keep your account signed out on shared devices.

Sources