Hardware authentication (Passkey)
Introduction
Hardware Authentication using Passkeys is a modern and phishing resistant method to secure your user account. Instead of relying on a traditional password, a cryptographic key pair is used. The private key is securely stored on your device and never leaves it. Authentication is performed locally using biometric verification such as fingerprint or face recognition or alternatively a device PIN.
Requirements
To use Hardware Authentication with Passkeys, your setup must meet certain requirements. You need a compatible device such as a smartphone, tablet, or computer. The operating system and browser must support Passkeys or WebAuthn. A screen lock must be configured on the device, for example a fingerprint, Face ID, or a local PIN.
Enable authentication
To enable Hardware Authentication, open the profile settings in the customer area and navigate to the Security section (Profile Settings → Security). In this area, you can configure the security options for your account. Select Hardware Authentication to proceed with the setup.
After selecting this option, a popup window will open. Within this window, click on the button labeled Add authenticator to start the configuration process.
The setup then continues with the creation of a Passkey sign in for ZAP-Hosting. During this step, you will be asked to define a recovery PIN. This PIN is required to regain access in case the primary authentication method is temporarily unavailable and should be stored securely.
After these steps have been confirmed and Hardware Authentication via Passkey has been successfully set up, you will be automatically logged out once. This is a normal security measure and ensures that the newly configured authentication method is properly applied.
On the next login, after entering your username and password, you will see the Hardware Authentication option. Select this option and confirm the authentication request on your device to complete the login process.
Disable authentication
In order to disable two factor authentication, navigate to Profile Settings → Security. If the user is still able to sign in, the configured authenticator can be removed from the security settings at any time.
Frequently Asked Questions
If you are still unsure about using Hardware Authentication or have questions about its impact on your account, the following information helps clarify common concerns and explains how the feature works in practice at ZAP-Hosting.
What is Hardware Authentication at ZAP-Hosting?
Hardware Authentication at ZAP-Hosting uses Passkeys based on modern WebAuthn standards. Instead of relying solely on passwords, authentication is performed using a secure key stored on your device and protected by biometrics or a PIN.
Do I still need my password when using Hardware Authentication?
In most cases, the password is still used as part of the login process. Hardware Authentication adds an additional security layer that must be confirmed before access is granted.
What happens if I lose access to my Passkey device?
You can remove the affected authenticator from your account using another login method. If no alternative access is available, ZAP-Hosting support can assist with account recovery after verification.
Why is Hardware Authentication recommended?
This method significantly improves account security because it is resistant to phishing and credential theft. Since the private key never leaves the device and no reusable secrets are transmitted, the risk of unauthorized access is greatly reduced.
Can Hardware Authentication be disabled later?
Yes. Hardware Authentication can be disabled at any time from the security section of your profile settings. Removing a Passkey does not affect other login methods unless you explicitly disable them.