ZeroPass – Browser Login

PSMail’s ZeroPass technology works to provide you passwordless access to your account. This is done using the latest FIDO2 authentication framework. If your device supports a FIDO2 enabled browser , you can register the device to login without having to enter your password. The best available local authenticators – such as Biometric or local hardware keys (USB) – can safely store a private key that can be registered and used for passwordless login. Follow along to learn how

If your laptop or desktop device supports a FIDO enabled browser, you will see the option “ZeroPass Trust this device” – enable this slider button and proceed to login.

ZeroPass is available on Device

Now when you login with a username and password, you will be prompted to use the right FIDO enabled location to store your private key (PassKey credentials). In the screenshot below, this Apple laptop uses fingerprint (Apple branded as TouchID) to protect your private key.

Save your ZeroPass credentials (PassKey)

Once your fingerprint has been verified, your device will now create a set of identifiers to protect the credentials and upload a public key to our server. Once PSMail’s server accepts the private key, you will see the success message on your browser screen.

ZeroPass success

Now the ZeroPass has been enabled on this device, every time you open the browser the login page will show the stored credentials you can use to sign in to your account.

Login using ZeroPass on the next try

ZeroPass login will initiate signing of a specific Challenge using your private key. The Challenge is just a random string generated by the server. This will prompt you for using your PassKey stored credentials to be used – here it is a fingerprint request to verify your identity.

ZeroPass prompt via fingerprint (TouchID)

On a successful validation of your fingerprint the server will verify this signature using the public key that was earlier stored on the server.

Once you have access to your account, you can see all your ZeroPass enabled devices. We recommend that you use distinct ZeroPass for each device, so if a device is stolen or lost, you can revoke that device without having to reset your account. Below is a screenshot of the menu under “Manage” => “Devices and 2FA” menu of PSMail under “Trusted Devices for Automatic Login” – the icon of Apple with a FIDO PassKey icon shows identifies this device.