GET IN TOUCHloading spinner

We’re Bullish on security.

Bullish uses WebAuthn, a layered, multi-factor authentication protocol that leverages the latest security software and hardware tools. When you access your account with WebAuthn, there is hardware-backed, cryptographic validation which alleviates the need for passwords.

WebAuthn explained

When it comes to today’s critical cybersecurity needs, passwords are no longer adequate.


They’re too easy to hack, and can be a burden to remember.


That’s why Bullish uses a multi-factor authentication process. One key element to this is WebAuthn, a cutting-edge security protocol.


This technology was created by the World Wide Web Consortium and the FIDO Alliance, with participation from companies like Google and Microsoft.


So what’s the benefit?


When you log in to your Bullish account with WebAuthn, there will be hardware-backed, cryptographic proof that you are who you say you are.


So there’s no need to remember complicated passwords or to use one-time codes.


Put simply, WebAuthn is like a card game, where every user has a unique deck.


And each time they log in to their Bullish account, they must select a random card from their private deck to show us.


If this card matches the records we have on our side, they get access.


Only in reality… the private decks are called “external hardware security keys”, which are created when a user signs up using built-in biometrics or a hardware device.


While the cards that are chosen and shown to us are called “public keys”, which are randomly generated each time a user logs in.


It’s called a private-public key pair, and it’s simple—and secure—to use.


After you’ve created your account using WebAuthn, it will be used to confirm your identity any time you’re logging in, as well as for actions that require extra security, such as adding an additional device (for example, another computer or phone) to access Bullish or for custody-related transactions.


Your operating system and browser will be able to detect compatibility with WebAuthn.


We recommend the latest version of Chrome browser for the best experience.


You’ll need a FIDO2-compliant authenticator including but not limited to:


– a built-in biometric sensor, like Apple Face ID or Touch ID




– a hardware security key, including Yubico YubiKeys, Thetis keys or OnlyKeys.


Let’s look at two potential WebAuthn journeys.


First, on a computer with biometric hardware using the Chrome browser. When prompted during registration, you’ll be given the option to confirm your identity either using a USB security key or with the built-in Touch ID sensor. You may use either method.


If you want to use a security key, choose that option, insert your key and touch the key’s sensor, per screen instructions. Your WebAuthn setup will now be complete.


Note there are many varieties of security keys, and how you touch the sensor may vary by vendor. Please be sure to refer to individual vendor instructions before use.


If you choose to use the built-in biometric sensor, select that option when prompted and then touch the sensor with your finger. Your WebAuthn process will now be complete.


Please ensure to use the same finger every time to authenticate.


If using a Windows PC with Windows 10 OS and the Edge browser, a security key will be the only option.


When initializing your key, Windows Security will ask you to create a PIN for the key.


Please keep this PIN safe because if you forget the PIN, you’ll need to reset your key following your individual vendor’s instructions.


As the Bullish onboarding journey includes PIN creation before the WebAuthn process begins, note the Windows Security prompt is a second prompt not controlled by Bullish.


For more information about how Bullish uses WebAuthn, refer to our Help Desk. You may also contact our Customer Support team at with questions at any time.


For more information on Bullish services and associated risks, please refer to the Terms of Use and Risk Warning notices on


Thank you.

A 3-pronged approach
to security.
  • Hardware-backed security.
  • Cryptographic proof.
  • Multi-factor authentication.

WebAuthn gives you greater security by requiring the use of an accepted:

Hardware security key

Fingerprint reader

Facial recognition scan

Over 80% of security breaches are password related1. WebAuthn eliminates this threat by eliminating passwords, instead using public key cryptography. This “asymmetric” cryptography can leverage the built-in biometric scanners on devices as well as dedicated devices like physical security keys to add an extra layer of security. Passwords are replaced by a public-private key pair as a private key is generated and stored on the user’s device while a public key is paired with a randomly generated ID that is stored on a server.

1 Verizon Business 2020 Data Breach Investigations Report

Bullish builds on WebAuthn to deliver multi-factor authentication, granting a user access only after successfully presenting two or more factors to authenticate their identity. Bullish uses WebAuthn, email confirmation, and a six-digit PIN for an extra layer of security on highly sensitive transactions within your account.
Learn more about WebAuthn

Experience a new breed of exchange.

Learn more about Bullish.