Own your keys.
Control your security.

Self-hosted passkeys for mobile apps. Built on TwinShield. No third-party lock-in. Hardware-protected transactions.

Start Free Integration Compare Solutions

Operated by MailBIT • Backed by TwinShield technology

★ PASSKEY+ ★ FREE PASSKEY NO EXTRA COST
SECURED SMS · TH THB
0.15 / SMS
all volumes · no limits
Hardware-signed OTPFREE
Hardware-bound keysFREE
Passkeys + auth serverFREE
No setup · No subscription
01 / FUNDAMENTALS

What is a
passkey?

A passkey replaces the password. Instead of a secret your users type — one that can be guessed, stolen or phished — their phone proves who they are. Nothing to remember, and nothing in your database worth stealing.

01

No shared secret to steal

The private half of the key never leaves the phone — your servers only ever hold the public half. Even a full database breach leaves an attacker nothing usable.

02

Immune to phishing

Each key is tied to your exact app and domain. A counterfeit site or cloned app can ask all it likes — without the genuine key, there is nothing for it to capture or replay.

03

Built into the device

Users authenticate with the Face ID, fingerprint or PIN they already trust to unlock their phone — no one-time codes to wait for, and no passwords to reset.

02 / WHY PASSKEYS

Why businesses
choose passkeys

Stronger security and a smoother login at once — the rare upgrade that costs your users nothing to adopt.

01

Eliminate password risk

No phishing, no credential stuffing, no reuse breaches — there is no password to steal in the first place.

02

Rooted in hardware

Keys are generated and held inside the device's security hardware — out of reach of malware on the phone and breaches on your servers alike.

03

A faster sign-in

One tap with Face ID or a fingerprint. Nothing to type, nothing to wait for, nothing to forget or reset.

04

An open standard

Built on FIDO and WebAuthn, supported across Apple, Google and Microsoft — proven, and free of proprietary lock-in.

03 / THE DIFFERENCE

Your passkeys run on your own infrastructure — not a provider's.

HOSTED PASSKEY PROVIDERS PASSKEY.IN.TH
01Where the passkey lives The provider's servers Your own infrastructure
02Relying party & domain Registered to the vendor Registered to your own domain
03Who holds the credential A third party Your database — your environment
04Vendor lock-in High — re-enrol every user None — the passkeys are yours
04 / SECURE SMS

The passkey secured the login.
Now secure the transaction.

A passkey proves who signed in — but the transaction that follows isn't signed by anyone. Secure SMS puts a hardware signature on each transaction at the source, so it can't be forged, intercepted, or AIT-pumped.

01

Signed at the source

Each OTP carries a hardware signature from the registered device — bots can't trigger it, attackers can't fake it.

02

Reaches every user

No app, no enrolment, on every phone. It covers recovery, onboarding, and the devices a passkey can't.

03

One signature, any channel

The same protection extends beyond SMS to WhatsApp and LINE — secured identically.

04

NBTC-licensed routes

Carrier-grade Thai delivery built for high-risk financial apps. High deliverability, transparent pricing.

Talk to us about Secure SMS → FROM ฿0.15 / SMS · NO SETUP · NO MINIMUMS

Passkeys are free to integrate

Security should never be a cost barrier

0 THB
Passkey SDK
  • Unlimited users & devices
  • Self-hosted on your domain
  • Full TwinShield protection
  • No vendor lock-in
Begin Integration

Secure OTP billed per successful delivery

05 / TALK TO SALES

Talk to our team.

Tell us about your app and we'll set up a Passkey.in.th trial on your own infrastructure. Prefer to chat? Reach us on WhatsApp or LINE.

WhatsApp+66 89 482 8550 LINE LINE@mailbit

WhatsApp LINE