Home
About
Open source Mobile apps Frequently asked questions Migrating from Google Photos About us
Pricing Blog
Help Center
Account Immich Other Contact support
Get Started
Privacy

Goodbye Passwords: PixelUnion Now Supports Passkeys

PixelUnion Team
6 min read
#Passkeys #Security #2FA #Authentication #Account Security #Privacy #Password-Free
Goodbye Passwords: PixelUnion Now Supports Passkeys

Passwords are a 1960s invention. They were designed for a world where computers were room-sized machines accessed by a handful of scientists. Today, the average person has over 100 online accounts, and data breaches expose billions of credentials every year. The humble password was never designed for this, and it shows.

We’re happy to announce that PixelUnion now supports passkeys: a modern, fundamentally safer way to log in. No passwords to remember, no SMS codes to type, and no way for attackers to steal what you never had in the first place.

What Is a Password, and What’s Wrong With It?

Before explaining passkeys, it helps to understand what makes passwords so problematic.

When you create a password on a website, that website stores a version of it on their servers. (Curious about exactly how that works? We wrote about how password hashing works in our identity provider.) Every time you log in, your password travels from your device to their server, where it’s checked against what they have stored. This means two things are true at once: your secret must be shared, and someone else is responsible for keeping it safe.

When companies get breached, and they do, constantly, those stored passwords can leak. Even when companies store them carefully, determined attackers can crack weak passwords. And because people reuse passwords across sites (completely understandably, since who can remember 100 different ones?), a breach at one company can cascade into a breach at dozens more.

Phishing attacks exploit this too. A convincing fake login page can trick you into typing your password directly into an attacker’s hands. You never even know it happened.

The problem isn’t that people are careless. The problem is that the technology is broken by design.

What Is a Passkey?

A passkey is a replacement for your password that works in a completely different way. Once you understand the core idea, it’s actually quite elegant.

Instead of a secret word you type, a passkey is a pair of cryptographic keys: one private (stored only on your device), and one public (shared with the website). Think of it like a lock and key, except you never hand the key to anyone. The website holds the lock, your device holds the key, and login happens when your device proves it can open that lock without ever sending the key itself.

In practice, this feels like: you visit the PixelUnion login page, you tap a button, and your phone or laptop asks you to verify with Face ID, Touch ID, Windows Hello, or your device PIN. That’s it. No password to type, no code to receive in a text message.

Passkeys cannot be phished, because there is no secret to steal. Even if an attacker tricks you into visiting a fake login page, your passkey will simply not work there: it’s cryptographically bound to the real PixelUnion website.

What makes passkeys better in practice:

  • Nothing to remember. Your device handles the authentication entirely.
  • Nothing to steal from the server. PixelUnion’s server only stores your public key, which is useless to an attacker on its own.
  • Phishing-resistant by design. Your passkey will only work on the real pixelunion.eu, not on any fake site, no matter how convincing.
  • No reuse problem. Each passkey is unique to each site, so a breach somewhere else can’t affect your PixelUnion account.

How to Set Up a Passkey on PixelUnion

Setting up your passkey takes about a minute:

  1. Log in to your PixelUnion account.
  2. Go to Account Security settings.
  3. Select Add a Passkey.
  4. Follow the prompt on your device: your phone, laptop, or security key will guide you through it.

Once set up, you can use your passkey to log in from any device that supports it. Your passkey can be synced across your devices through iCloud Keychain (on Apple devices), Google Password Manager (on Android/Chrome), or Windows Hello, depending on your setup.

If you’re using a password manager like 1Password or Bitwarden, those support passkeys too and work beautifully across platforms.

What Is Two-Factor Authentication, and Why Should You Use It?

Passkeys are a big leap forward. But while we’re talking about account security, there’s another layer worth mentioning: two-factor authentication, or 2FA.

The idea behind 2FA is simple: to log in, you need to prove two separate things. Usually this means something you know (your password) and something you have (your phone, for example). Even if an attacker has your password, they can’t log in without also having your second factor.

Think of it like your front door having both a key lock and a deadbolt. One lock can be picked; two is much harder.

Types of 2FA, from weakest to strongest:

  • SMS codes: a code sent to your phone by text. Better than nothing, but vulnerable to SIM-swapping attacks where an attacker convinces your carrier to transfer your number to their device.
  • Authenticator apps: apps like Aegis (open-source, Android), Raivo (iOS), or Google/Microsoft Authenticator generate time-based codes on your device. Significantly safer than SMS.
  • Hardware security keys: physical USB or NFC keys like a YubiKey that you plug in or tap. Extremely secure, used by high-risk individuals and organisations.
  • Passkeys: as described above, these are effectively the gold standard: phishing-resistant, device-bound, and seamless.

Even if you’re not ready to switch to passkeys yet, please enable an authenticator app as your second factor. It takes five minutes and makes your account dramatically harder to compromise.

Why This Matters Especially for Your Photos

Your PixelUnion account contains some of your most personal data: your family photos, your memories, your private moments. Unlike a social media account where the cost of a breach might be embarrassing posts, a compromised photo storage account could expose deeply private images.

This is not hypothetical. iCloud accounts have been targeted precisely because people store intimate photos there. Photo storage is a high-value target.

At PixelUnion, we’ve always taken security seriously: storing your data on European servers under European law, away from Big Tech surveillance and US legal reach. But technical privacy guarantees are only part of the story. Your account’s login security is the front door, and it deserves the same care.

What You Should Do Today

We encourage every PixelUnion user to take two steps:

  1. Set up a passkey. It’s faster, safer, and you’ll never need to remember a password for PixelUnion again. Go to your security settings and add yours now.
  2. Enable 2FA. If for any reason you’d rather keep using a password, add an authenticator app as a second layer of protection. You’ll find the option in your Account Security settings.

The ten minutes you spend on this today could save you from a situation you really don’t want to deal with later.

At PixelUnion, we believe that keeping your memories private requires more than just a GDPR-compliant server. It requires thoughtful security at every layer: from where your photos are stored, to how your account is protected. Passkeys are one more step in that direction.

Secure your account today