PSMail’s ZeroPass technology works to provide you passwordless access to your account. This is done using the latest FIDO2 authentication framework. If your device supports a FIDO2 enabled browser , you can register the device to login without having to enter your password. The best available local authenticators – such as Biometric or local hardware keys (USB) – can safely store a private key that can be registered and used for passwordless login. Follow along to learn how
If your laptop or desktop device supports a FIDO enabled browser, you will see the option “ZeroPass Trust this device” – enable this slider button and proceed to login.
Now when you login with a username and password, you will be prompted to use the right FIDO enabled location to store your private key (PassKey credentials). In the screenshot below, this Apple laptop uses fingerprint (Apple branded as TouchID) to protect your private key.
Once your fingerprint has been verified, your device will now create a set of identifiers to protect the credentials and upload a public key to our server. Once PSMail’s server accepts the private key, you will see the success message on your browser screen.
Now the ZeroPass has been enabled on this device, every time you open the browser the login page will show the stored credentials you can use to sign in to your account.
ZeroPass login will initiate signing of a specific Challenge using your private key. The Challenge is just a random string generated by the server. This will prompt you for using your PassKey stored credentials to be used – here it is a fingerprint request to verify your identity.
On a successful validation of your fingerprint the server will verify this signature using the public key that was earlier stored on the server.
Once you have access to your account, you can see all your ZeroPass enabled devices. We recommend that you use distinct ZeroPass for each device, so if a device is stolen or lost, you can revoke that device without having to reset your account. Below is a screenshot of the menu under “Manage” => “Devices and 2FA” menu of PSMail under “Trusted Devices for Automatic Login” – the icon of Apple with a FIDO PassKey icon shows identifies this device.