FIDO2 / WebAuthn

Passkey authenticator
TOTP and passkeys together.

ZeroAuth supports passkey workflow integration for FIDO2/WebAuthn platform authentication, alongside full TOTP generation. Both credential types are managed with local-first storage in the device hardware enclave — no cloud dependency for either.

Comparison

TOTP vs. passkeys

| Property | TOTP (2FA) | Passkey (FIDO2) |
| --- | --- | --- |
| Authentication type | Second factor (after password) | Primary + second factor combined |
| Phishing resistance | Partial — code can be relayed | Strong — bound to origin |
| Requires password | Yes | No |
| Works offline | Yes (TOTP generation) | Platform-dependent |
| Storage | TOTP seed in encrypted vault | Key pair in hardware enclave |
| Service adoption | Universal | Growing |

ZeroAuth supports both paradigms — use TOTP for services that require it and passkey workflows where available.

Questions

Passkey questions answered

Does ZeroAuth support passkeys?

ZeroAuth supports passkey workflow integration, enabling it to participate in FIDO2/WebAuthn platform authentication flows on iOS and Android. This allows ZeroAuth to act as an authenticator within platform passkey interactions alongside its TOTP generation capability.

What is the difference between a passkey and a TOTP code?

A TOTP (Time-Based One-Time Password) is a 6–8 digit code that changes every 30 seconds. It is used as a second factor after a password. A passkey is a FIDO2 credential that replaces both the password and second factor — authentication is performed with a cryptographic key pair, and a separate TOTP code is not required. Both approaches can be useful depending on the service being accessed.
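
To make the difference in phishing resistance concrete, here is an added example (not ZeroAuth code and not part of the original page) that contrasts server-side TOTP verification with the origin checks a WebAuthn relying party applies to an assertion. The domains, challenge value and helper names are constructed for illustration, and signature verification is omitted.

```python
import hashlib, hmac, json, struct

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    mac = hmac.new(seed, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(seed: bytes, submitted: str, unix_time: int) -> bool:
    # The server receives only digits: nothing records which site collected them.
    return hmac.compare_digest(totp(seed, unix_time), submitted)

def passkey_binding_ok(client_data_json: bytes, authenticator_data: bytes,
                       origin: str, rp_id: str, challenge: str) -> bool:
    """Origin checks a relying party makes on a WebAuthn assertion.
    Signature verification over these same bytes is omitted (assumption)."""
    client = json.loads(client_data_json)
    return (client.get("type") == "webauthn.get"
            and client.get("origin") == origin          # written by the browser
            and client.get("challenge") == challenge    # issued by this server
            and hmac.compare_digest(authenticator_data[:32],
                                    hashlib.sha256(rp_id.encode()).digest()))

def sample_assertion(origin: str, rp_id: str, challenge: str):
    """Constructed stand-in for what the browser and authenticator produce."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": origin}).encode()
    # rpIdHash (32 bytes) + flags byte (user present) + 4-byte signature counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", 7)
    return client_data, auth_data

SEED = b"12345678901234567890"                 # RFC 6238 test seed
CHALLENGE = "c2FtcGxlLWNoYWxsZW5nZQ"           # constructed base64url value
GENUINE = ("https://example.com", "example.com")                 # constructed
LOOKALIKE = ("https://example-login.test", "example-login.test")  # constructed

def demo() -> dict:
    """Map each page the user interacted with to (TOTP accepted, passkey accepted)."""
    results = {}
    for label, (origin, rp_id) in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        code = totp(SEED, 59)       # same digits whichever page prompted for them
        cd, ad = sample_assertion(origin, rp_id, CHALLENGE)
        results[label] = (verify_totp(SEED, code, 59),
                          passkey_binding_ok(cd, ad, *GENUINE, CHALLENGE))
    return results

if __name__ == "__main__":
    print(demo())
```

The TOTP check has no origin input at all, so the same digits verify wherever they were entered; the passkey check fails as soon as the browser-recorded origin or the rpIdHash differs from the relying party's own.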

Can I use ZeroAuth for TOTP and passkeys together?

Yes. ZeroAuth manages TOTP codes for services that require time-based second factors while also supporting passkey workflow integration for services that have adopted FIDO2/WebAuthn authentication. You can use both simultaneously depending on what each service supports.

Are passkeys stored locally in ZeroAuth?

Passkey credential material is managed through the platform's hardware-backed secure enclave (iOS Keychain / Android Keystore), which is the same infrastructure ZeroAuth uses for TOTP key storage. This ensures passkey keys remain in hardware-isolated storage on your device.
