Passkeys offer a secure, smooth way to log in to your online accounts. By eliminating the need for passwords and complex authentication methods, they significantly reduce the risk of unauthorized access. Their built-in protection against phishing attacks ensures your account and sensitive information stay secure.
Are passkeys more secure than passwords?
- Passkeys are created using secure algorithms with randomized parameters, removing the risk of dictionary-based attacks from weak passwords.
- The private key is securely stored within a trusted device, eliminating vulnerabilities linked to improper client-side storage.
- Each website creates a unique passkey, preventing password reuse, reducing credential stuffing risks, and limiting the impact of compromised credentials.
- Passkeys remove the need for complicated password rules (e.g., specific lengths or character combinations), enhancing security while improving the user experience.
- Passkeys eliminate manual password entry. They are tied to specific domains, ensuring your device won’t display a passkey prompt on phishing sites with mismatched domains.
How do passkeys work?
A passkey consists of two asymmetric cryptographic keys: a private key and a public key. These keys are long, randomly generated sequences, unique to each passkey, and are related such that one key can decrypt messages encrypted by the other. This mechanism is used for user authentication and verification.
The private key is securely stored on your device within a password manager that supports passkeys, often called a passkey provider (Zoho Vault), and is secured by biometrics, a PIN, or a password. The website you are accessing holds the corresponding public key. The public key can be safely shared, ensuring that even if the website is breached, your private key, and thus your security, remains uncompromised.
How a passkey logs you in
- The user visits a website and initiates the login process.
- A random cryptographic challenge is created and sent to the user by the website.
- The user authenticates their identity using a secure method on their device, such as biometrics or a PIN, to unlock access to their private key stored on the device.
- The private key is used to sign the cryptographic challenge provided by the website.
- The signed challenge is returned to the website.
- The website verifies the signature using the user’s public key, confirming their identity.
- After verification, the website grants access.
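The login steps above, modelled as a runnable Node.js sketch. This is an added example, not Zoho Vault's code and not the full WebAuthn message format; the function names, the login.example origins and the exact-hostname domain check are assumptions made for illustration.

```javascript
// Added example: simplified model of the passkey login steps (not real WebAuthn encoding).
const crypto = require("node:crypto");

// Registration: the passkey provider creates one key pair per website.
function createPasskey(domain) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" }); // P-256
  return { domain, publicKey, privateKey }; // the site stores only publicKey
}

// Website: a fresh random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString("hex");
}

// Device: after local unlock (biometrics or PIN, not modelled), sign the
// challenge together with the origin the browser actually loaded.
function signChallenge(passkey, challenge, origin) {
  // Domain binding (assumed exact-host match): no passkey is offered elsewhere.
  if (new URL(origin).hostname !== passkey.domain) return null;
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign("sha256", Buffer.from(clientData), passkey.privateKey);
  return { clientData, signature };
}

// Website: check the challenge and origin, then the signature.
function verifyLogin(publicKey, expectedChallenge, expectedOrigin, response) {
  if (!response) return false;
  const { challenge, origin } = JSON.parse(response.clientData);
  if (challenge !== expectedChallenge) return false; // stale or replayed response
  if (origin !== expectedOrigin) return false;       // signed for a different site
  return crypto.verify("sha256", Buffer.from(response.clientData), publicKey, response.signature);
}

// Constructed scenario: one genuine login plus two cases that must not succeed.
function demoLogin() {
  const origin = "https://login.example"; // constructed origin
  const passkey = createPasskey("login.example");
  const challenge = newChallenge();
  const response = signChallenge(passkey, challenge, origin);
  return {
    genuine: verifyLogin(passkey.publicKey, challenge, origin, response),
    replayed: verifyLogin(passkey.publicKey, newChallenge(), origin, response),
    offeredOnLookalike: signChallenge(passkey, challenge, "https://login.example.lookalike.test") !== null,
  };
}
```

Because the website stores only the public key and every challenge is used once, a captured response cannot be reused for a later login.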
Save, log in with, and manage passkeys using Zoho Vault
With Zoho Vault, managing your passkeys becomes effortless. You can securely save and share the passkeys created for your accounts and use them for seamless sign-ins directly from your browser.
Here is a list of websites where passkeys are currently supported. Since passkeys and passwordless login are emerging technologies, their adoption will increase over time, and more websites will begin offering passkeys as an alternative to passwords.
- Web app and browser extension
- Android app
- iOS app
- macOS app
Want to set up passkeys for a specific account?
- Secure your Zoho account using passkeys
- Unlock Zoho Vault with passkeys
- Secure your Amazon account using passkeys with Zoho Vault