What to do if…
you get an alert that a new passkey was added to an account you use
Short answer
Assume someone may have access: go directly to the account’s Security settings (not via the alert), remove the new passkey, sign out other sessions, and lock down recovery info immediately.
Do not do these things
- Don’t click “secure your account” links inside the alert message — open the service directly in your browser/app.
- Don’t ignore it because “passkeys are safer than passwords” — settings changes can still be unauthorized.
- Don’t keep using the account for payments, messaging, or admin tasks until you’ve ended other sessions.
- Don’t delete the alert before you’ve checked the date/time/device details.
- Don’t rush to post about it publicly (it can attract more phishing).
What to do now
1. Open the service the safe way.
   Type the website address yourself or use the official app. Then go to Account / Security / Sign-in methods / Passkeys.
2. Remove the passkey you don’t recognize.
   If there’s a list of passkeys or devices that can sign in, remove anything unfamiliar immediately.
3. Force sign-out of other sessions/devices.
   Use “Sign out everywhere,” “Log out of other devices,” or end sessions from the session list. Remove unknown devices from the account.
4. Lock down recovery methods (to prevent a quick re-takeover).
   If you can access settings, verify and correct recovery email(s), phone number(s), authenticator settings, backup codes, and trusted devices. Check for email forwarding/filters that hide security messages.
5. Change the password if the account uses one (and you still can).
   Use a strong, unique password. If you’re locked out or changes won’t “stick,” switch to the provider’s account recovery steps right away.
6. Look for persistence tricks.
   Check for: new authorized apps, new connected devices, new “trusted” sign-in methods, new API access, or newly linked accounts you didn’t approve.
7. Secure your email account next.
   If your email can reset this account, repeat steps 2–6 on your email provider immediately (email compromise often enables everything else).
8. If it’s a work/school account: notify IT/security immediately.
   Ask for a forced sign-out, review of sign-in logs, and reset of authentication methods per your organization’s process.
9. If money can move from this account: act like fraud might be in progress.
   If the provider offers a card lock/payment disable, use it. Then contact the issuer/provider using the official number on your card, statement, or the company’s official website, and review recent transactions for anything you don’t recognize.
What can wait
- You don’t need to identify exactly how the attacker got in right now.
- You don’t need to reset every account you own today — focus on this account and the email/phone tied to it.
- You don’t need to wipe devices unless you see clear signs of malware or repeated re-compromise.
- You don’t need to decide about closing the account until you’ve regained control and reviewed activity.
Important reassurance
An alert like this is alarming, but it’s also an early warning that gives you a real chance to cut off access before bigger damage happens. Removing the passkey and ending sessions often stops the immediate threat.
Scope note
This is first-aid for account control and damage prevention. If you’re locked out or suspect identity theft or financial theft, you’ll likely need the provider’s recovery steps and (sometimes) consumer reporting.
Important note
This is general information for urgent first actions, not legal, financial, or technical advice. If you can’t regain control or you see identity misuse or financial loss, use the provider’s official support/recovery process. In the US, IdentityTheft.gov is the federal government’s guided reporting and recovery tool for identity theft; for fraud/scams that aren’t identity theft, you can also report to the FTC via ReportFraud.ftc.gov.
Additional Resources
- https://consumer.ftc.gov/how-recover-your-hacked-email-or-social-media-account
- https://www.identitytheft.gov/
- https://www.ftc.gov/news-events/topics/identity-theft/report-identity-theft
- https://www.cisa.gov/secure-our-world/turn-mfa
- https://support.google.com/accounts/answer/13548313?hl=en
- https://support.apple.com/en-us/104955