PanicStation.org
UK USA
uk Technology & digital loss new passkey alert • passkey added notification • unexpected passkey • unknown passkey added • account security alert • suspicious sign-in alert • someone added a passkey • passkey i didn’t add • account takeover warning • hacked account concern • sudden security settings change • new device added to account • sign-in method changed • passwordless sign-in alert • authentication method changed • recovery details changed • email account compromise risk • banking app passkey alert • passkey on shared device

What to do if…
you get an alert that a new passkey was added to an account you use

Short answer

Treat it as possible account takeover: go directly to the account’s security settings (not via the alert) and remove the new passkey, then sign out other sessions and secure your recovery options.

Do not do these things

  • Don’t tap links in the alert email/text/push to “fix it” — go to the service by typing the address or using the official app.
  • Don’t assume “passkeys mean it’s safe so it can’t be hacked” — settings can still be changed if someone got in.
  • Don’t delete the alert or clear notifications before you’ve checked what changed (you may need details like time/device).
  • Don’t keep using the account (especially for payments/messages) until you’ve locked it down.
  • Don’t reuse an old password “because it’s quick” if you have to reset one.

What to do now

  1. Pause and verify the alert is real (without clicking anything in it).
    Open the service by typing the web address yourself or using the official app, then go to Security / Sign-in methods / Passkeys.
  2. Remove the passkey you don’t recognise.
    If the screen shows a list of passkeys or “devices that can sign in”, remove anything you didn’t add or don’t recognise.
  3. Sign out other sessions / devices right away.
    Look for “Sign out of all devices”, “Log out of other sessions”, or a device/session list. End anything unfamiliar.
  4. Secure the account’s recovery routes (to prevent a quick re-takeover).
    If you can access settings, check and correct: recovery email address, phone number, backup codes, trusted devices, and any “account recovery” options. Also check for filters/forwarding rules that send copies of emails elsewhere or hide security emails.
  5. Change the password if the account still uses one (and you can).
    Use a strong, unique password. If you can’t change it because you’re locked out or something looks wrong, move straight to the provider’s recovery flow.
  6. Check for hidden changes that let an attacker keep control.
    Look for: new “authorised apps”, new app passwords/tokens, new linked accounts, or new login approvals you didn’t set up.
  7. Secure your email first if it’s linked to the account.
    If your email controls password resets for this account, repeat steps 2–6 for your email account immediately.
  8. If this is a work/school account: contact IT/security now.
    Use your organisation’s normal internal channel (not a reply to the alert). Ask them to review sign-in logs and force sign-out/reset.
  9. If this account can move money (banking, card, crypto, shopping): reduce risk immediately.
    If the provider offers an in-app lock/freeze, use it. Then contact the provider using details from the official website or the number on the back of your card, and review recent transactions for anything you don’t recognise.

What can wait

  • You do not need to figure out how the attacker got in right now.
  • You do not need to wipe devices or reinstall anything immediately unless you see clear signs of malware or repeated re-compromise.
  • You do not need to report it to anyone yet unless money is missing, you’re locked out, or you see ongoing unauthorised activity.
  • You do not need to close the account today if you can regain control and lock it down.

Important reassurance

Getting an unexpected security alert is genuinely unsettling, but it’s also one of the best chances to stop an account takeover early. You’re not “too late” just because a passkey was added — removing it and signing out sessions can cut off access quickly.

Scope note

These are first steps to regain control and prevent immediate damage. If you’re locked out, the provider’s recovery process (and sometimes your mobile network/email provider) becomes the priority.

Important note

This is general information for urgent first actions, not legal, financial, or technical advice. If you can’t regain control quickly, or if there’s financial loss or identity misuse, use the service provider’s official support/recovery steps. If you need to report cyber crime or fraud, you can typically report online via Report Fraud (Action Fraud) for England, Wales, and Northern Ireland; in Scotland, contact Police Scotland (101 for non-emergencies).

Additional Resources
Support us