Passkeys
Sign in securely without passwords using your device's built-in security
Passkeys are a secure, passwordless way to sign in to Zipwire. Instead of remembering a password, you use your device's built-in security features like your fingerprint, face recognition, or a PIN—the same way you unlock your phone or laptop. They're faster, more secure, and you never have to worry about forgetting a complex password again.
How Passkeys Beat Passwords
Passkeys are fundamentally different from passwords in ways that matter for your security. With a traditional password, hackers can guess it, steal it in a data breach, or trick you into giving it away through phishing. With passkeys, none of that is possible.
Here's why: your passkey uses advanced cryptography that ties it to your specific device and Zipwire. Even if someone somehow got your passkey data, they couldn't use it on their own computer or phone—it only works on your device. The part of your passkey that actually proves who you are (your private key) never leaves your device, so it can't be stolen in a breach. And since passkeys are unique to each service, you can't accidentally reuse the same credential across multiple sites. You also never need to change a passkey or worry about whether it's "strong enough"—your device handles all of that automatically.
How Passkeys Work
When you create a passkey, your device generates a unique pair of cryptographic keys: a public key and a private key. The public key is stored with Zipwire (similar to a lock), while the private key stays only on your device (the key that opens it). When you sign in, Zipwire challenges your device to prove it has the private key, and your device responds with proof—but it never shares the actual key itself. Think of it like proving you own a house by unlocking the front door; you're not handing over your house key to the landlord, just showing you have it.
Where Your Passkey Lives
Your passkey is stored securely by your operating system and browser, not by Zipwire. Here's what happens on different devices:
On your iPhone or iPad, your passkey is stored in the Secure Enclave, which is a specially protected part of your device's chip designed just for this. It's kept isolated from the main operating system, so even if your device is compromised, the private key can't be extracted. If you have iCloud Keychain enabled (which is the default), your passkeys are automatically backed up and synced across all your Apple devices. When you get a new iPhone or iPad and sign in with your Apple ID, your passkeys will automatically restore.
On an Android phone, your passkey is stored in the Android Keystore, a similar protected system that keeps encryption keys secure and separate from the rest of the operating system. If you're signed in to your Google Account, your passkeys are automatically backed up and synced. When you get a new Android phone and sign in with the same Google Account, your passkeys will automatically restore.
On Windows, your passkey is stored in the Windows Credential Manager, which uses your device's encryption to protect it. If you enable Windows Hello (fingerprint, face, or PIN), your passkey is even further protected. If you use Microsoft Edge and are signed in to your Microsoft Account, your passkeys can sync across your Windows devices.
On Mac, your passkey is stored in the Keychain and synced securely across your other Apple devices through iCloud Keychain. This means you can use the same passkey on your Mac, iPhone, and iPad automatically.
In your browser, most modern browsers (Chrome, Firefox, Safari, Edge) keep your passkeys in sync with your operating system or your account. For example, if you use Chrome, your passkeys sync to your Google account and are available across your devices.
The important thing to know is that your device—not any website or company—controls and protects your passkey. You're always in charge.
Setting Up a Passkey
Setting up a passkey takes just a few minutes. Here's what to expect:
Step 1: Enter Your Details
Start by providing your name and email address. We strongly recommend also adding a phone number. This isn't required, but it's your safety net—if something goes wrong and you lose access to your device, your email, or both, you'll need one of these recovery methods to get back into your account. More on that below.
Step 2: Create the Passkey
Your browser or device will prompt you to create a passkey, usually by asking you to use your fingerprint, face recognition, or device PIN. This is your device confirming that it's really you creating this passkey. The process takes seconds.
Step 3: Verify Your Contact Details
We'll send verification codes to your email and phone (if you provided one). Check your email and/or text messages, then enter those codes to complete setup. This verification makes sure your account recovery options actually work—so you won't be locked out later if you need them.
Once this is done, you're ready to sign in from that device.
Signing In with a Passkey
To sign in to Zipwire, just choose the passkey option. Your device will prompt you to authenticate with your fingerprint, face, or PIN—no typing required. On most devices, this is just one tap or click. The entire process is usually faster than typing a password.
Signing In on a Desktop or Laptop with Your Phone
Here's a convenience feature many people don't know about: even if your passkey is on your phone, you can often use it to sign in on a desktop or laptop without having to add another passkey to the desktop.
When you try to sign in on your computer, instead of being prompted for a passkey on that computer, you might see a QR code. Pull out your phone, scan the QR code with your phone's camera or authenticator app, and approve the sign-in on your phone with your fingerprint or PIN. Your computer will log you in instantly. This is especially useful if you're signing in on a work computer, a shared device, or a computer that doesn't have a passkey set up yet. Your phone does all the work, and the computer never stores any of your credentials.
Adding Passkeys to Multiple Devices
You can (and should) set up passkeys on multiple devices. Each device gets its own passkey, so you can sign in to Zipwire from your phone, tablet, laptop, or desktop—whichever you're using. You're not limited to one device.
Just remember: each passkey is only on that specific device. If you set up a passkey on your home laptop, that passkey won't appear on your work computer. That's actually a security feature—it means if one device is compromised, your other passkeys are unaffected.
To add a passkey to an existing account on a new device, use the account recovery flow. This allows you to verify your identity using your email or phone number, then create a new passkey on that device that's linked to your existing account.
Important: Using Passkeys on Work Devices
If you're setting up a passkey on a work-provided device (laptop, phone, tablet), talk to your IT department or security team first. Organizations often have policies about what can be stored on work devices, and they may manage credentials centrally for security and compliance reasons.
Your IT team might:
Have specific guidance on whether passkeys are allowed
Prefer that you use the QR code sign-in method on work devices instead of storing a passkey on the device
Require you to remove the passkey if you leave the company or the device is wiped
It's worth checking before you set one up, so you don't run into surprises later.
Account Recovery: Keep Your Second Factors Updated
Most modern devices automatically back up and sync your passkeys. If you have iCloud Keychain enabled on Apple devices, or you're signed in to your Google Account on Android, or using Microsoft Edge with a Microsoft Account on Windows, your passkeys will automatically restore when you sign in to a new device with the same account. This means if your phone breaks and you get a new one, your passkeys will typically be there waiting for you once you sign in.
However, there are situations where you'll need to use account recovery to add a new passkey:
You're switching from one ecosystem to another (e.g., iPhone to Android, or Windows to Mac)
You're signing in on a new work computer that doesn't have your personal account
You've disabled cloud sync or backup on your device
You're using a device or browser that doesn't support passkey sync
You accidentally reset your device and lost all your data before it could sync
In these cases, you'll need your email and phone number to verify your identity and add a new passkey. This is why it's critical to keep your recovery information updated.
If you lose access to both your device and your recovery methods (email and phone), you won't be able to access your account. So keep your email address and phone number current. If your phone number changes, update it in your account settings. If you're about to do a major device reset or wipe, make sure you have access to your email or phone first.
Think of it this way: your device holds your passkey, but your email and phone hold the keys to recovering everything.
Troubleshooting
The passkey prompt doesn't appear when I try to sign in
Make sure you're using a supported modern browser (Chrome, Firefox, Safari, or Edge). Older browser versions sometimes don't support passkeys yet. Try updating your browser to the latest version.
I can't sign in on a new device
This is normal—your passkey only exists on the device where you created it. To sign in on a new device, use the account recovery option. Verify your email or phone number, and then create a new passkey on the new device. Alternatively, if your original device is nearby, you can scan a QR code on the new device with your phone to sign in without storing a passkey on that device.
I lost access to my device
If you're getting a replacement device in the same ecosystem (e.g., a new iPhone to replace your old iPhone), your passkeys should automatically restore when you sign in with your Apple ID, Google Account, or Microsoft Account. If they don't appear, or if you're switching to a different ecosystem, use the account recovery option to add a new passkey. You'll need to verify your email address or phone number to confirm your identity. Once you verify, you can set up a new passkey on your new device and access your account again. The old passkey on your lost device won't work anyway—your device's unlock method (fingerprint, PIN, or face) protects it.
My browser is asking where to save my passkey
Your browser is just asking where you want to store it—on your device directly, or synced to your account (if available). For personal devices, syncing to your account (like iCloud Keychain or Google Account) is usually the most convenient, because your passkey then works across all your devices. For work devices, check your IT policies first.
I'm having browser compatibility issues
Try updating your browser to the latest version, or try signing in with a different browser. If you're on an older operating system, you might need to upgrade to get passkey support. If you continue to have problems, contact our support team.
Security Tips
Keep Your Device Secure
Your passkey is only as secure as your device. Lock your phone and laptop when you're not using them, and use a strong PIN or biometric authentication (fingerprint or face) on your device itself. If someone unlocks your device, they could theoretically use your passkey to sign in to Zipwire, so device security is your first line of defense.
Update Your Recovery Information
Check your account settings periodically to make sure your email and phone number are current. A valid recovery method is your safety net.
Review Your Devices
If you've added passkeys to multiple devices and you no longer use one of them, consider removing that passkey from your account (if the system allows it). This reduces the number of places your credential is stored.
If You Suspect Your Device Is Compromised
Use account recovery to add a new passkey on a secure device, then remove the old passkey from the compromised device if possible. This ensures no one else can sign in as you from that device.
The beauty of passkeys is that you get strong security without the burden of managing complex passwords. Your device does the heavy lifting, and you just authenticate the way you already do every day—with your fingerprint, face, or PIN.
Last updated