ZZPass supports passkeys — the faster, safer, phishing-resistant way to sign in. No passwords to remember, type, or steal. Just your face, your finger, your PIN.
A passkey is a cryptographic key pair stored on your device. There's nothing to type, nothing to remember, nothing a fake site can steal. Here's how it stacks up.
Under the hood: passkeys use public-key cryptography. Your private key never leaves your device — the site only ever gets the public key. Even if they're breached, there's nothing to steal.
From the first time a site offers a passkey to every login after, ZZPass handles the cryptography — you just confirm with your face.
When a site offers passkey signup, ZZPass generates a unique P-256 key pair and stores it encrypted in your vault. The site only sees the public half.
Next visit, ZZPass autofills your passkey. Verify with Face ID, Touch ID, or your PIN — and you're in. No password typed, no code copied.
Passkeys sync across all your Apple devices via iCloud, encrypted end-to-end. Share securely with family or your team through ZZPass shared groups.
When you sign in with a saved password on a site that supports passkeys, ZZPass quietly registers a passkey in the background. Next time, you'll sign in with just your face — no action needed.
For the technically curious. ZZPass uses Apple's CryptoKit and standard FIDO2 primitives — nothing custom, nothing proprietary.
Full standards compliance. Works with every site that supports passkeys — no proprietary extensions, no exceptions.
NIST-recommended elliptic curve. The same cryptography used by banks and governments — implemented via CryptoKit.
Industry-standard CBOR Object Signing and Encryption key encoding. Understood by every WebAuthn verifier on the planet.
Timestamp-based sign counters detect if a credential has been copied to another device — more robust than simple incrementing counters.
No hardware fingerprinting. Sites learn nothing about your device — your privacy is preserved by default, not as an option.
Passkey private keys are encrypted with your vault's AES-256-GCM master key. We never see them. Nobody but you can.
Implementation note — ZZPass implements all cryptography using Apple's CryptoKit framework. No custom crypto, no third-party dependencies, no surprises.
ZZPass is a system credential provider on iOS and macOS. Your passkeys appear right where you need them — beside your passwords, in the autofill bar.
Full transparency over what you have, where it's stored, and who you've shared it with.
See the relying party, username, and passkey status for every credential in your vault.
Clear warnings if removing a passkey would leave a credential empty. Nothing disappears by accident.
Passkeys in shared groups are end-to-end encrypted with ECIES (P-256) key distribution.
Full credential export including passkey data. No vendor lock-in — your keys are yours.
Credentials with passkeys show a key icon in your vault list — see at a glance which sites are upgraded.
Passkey adoption is growing fast. ZZPass works wherever WebAuthn is supported — and falls back to passwords or one-time codes everywhere else.
For sites that don't support passkeys yet, ZZPass still stores and autofills your passwords and one-time codes. Passkeys are additive — never a forced switch.
See the full directory →