WebAuthn security keys provide the strongest protection against phishing and account takeover. They use cryptographic hardware to verify your identity.
Pro Plan
What is WebAuthn?
WebAuthn (Web Authentication) is a modern standard for passwordless and multi-factor authentication using:
- Hardware security keys: Physical devices like YubiKey
- Platform authenticators: Built-in systems like Touch ID, Face ID, Windows Hello
Why WebAuthn is Secure
- Phishing-resistant: Credentials are bound to the website's domain, so a key registered for the real site will not work on a look-alike domain
- Cryptographic: Uses public-key cryptography
- No shared secrets: Private keys never leave the device
- Tamper-resistant: Hardware-based security
Security Key Options
Hardware Security Keys
| Brand | Models | Features |
|---|---|---|
| YubiKey | 5 Series, Security Key | USB-A, USB-C, NFC |
| Google Titan | USB-A, USB-C | Bluetooth option |
| Thetis | Pro, Bio | Fingerprint models |
| Feitian | ePass, BioPass | Various form factors |
| SoloKeys | Solo V2 | Open source |
Platform Authenticators
| Platform | Technology | Requirements |
|---|---|---|
| macOS/iOS | Touch ID / Face ID | Apple device with biometrics |
| Windows | Windows Hello | Windows 10/11 with compatible hardware |
| Android | Fingerprint/Face | Android 7+ with biometrics |
| Chrome | Profile-based | Chrome 70+ |
Setting Up a Hardware Security Key
Get a Security Key
Purchase a WebAuthn-compatible security key. YubiKey 5 series is recommended.
Go to Security Settings
Navigate to Settings → Security in Zenovay.
Add Security Key
Click Enable MFA → Security Key, or if MFA is enabled, Add Security Key.
Insert Your Key
Insert your security key into a USB port (or have NFC ready on mobile).
Touch the Key
When your browser prompts, touch the button on your security key.
Name Your Key
Give it a recognizable name like "Office YubiKey" or "Backup Key".
Add Backup Method
Register a second key or another MFA method for recovery.
Always register at least two security keys, or have backup codes ready. If you lose your only key, you could be locked out.
Setting Up Touch ID / Face ID
macOS with Touch ID
Ensure Touch ID is Set Up
Go to System Settings → Touch ID & Password and add a fingerprint.
Use Safari or Chrome
Use a browser that supports Touch ID authentication.
Add in Zenovay
Go to Settings → Security → Add Security Key.
Authenticate
When prompted, use Touch ID to register.
Name It
Name it something like "MacBook Touch ID".
iOS with Face ID
Use Safari
Open Zenovay in Safari on your iPhone/iPad.
Add Security Key
Navigate to Settings → Security → Add Security Key.
Select Platform Authenticator
When prompted, allow Face ID or Touch ID.
Verify Identity
Complete Face ID or Touch ID verification.
Windows Hello
Set Up Windows Hello
Go to Windows Settings → Accounts → Sign-in options. Set up fingerprint, face recognition, or PIN.
Use Edge or Chrome
Open Zenovay in Microsoft Edge or Chrome.
Add Security Key
Go to Settings → Security → Add Security Key.
Authenticate with Windows Hello
Use your configured Windows Hello method.
Using Security Keys to Log In
Once set up, when you log in:
- Enter your email and password
- Browser prompts for security key
- Insert your key (if not already inserted)
- Touch the button or use biometrics
- You're logged in
NFC Security Keys (Mobile)
On compatible Android devices:
- When prompted, tap your NFC security key to the back of your phone
- Hold until verified
Managing Multiple Security Keys
We recommend registering multiple keys:
Recommended Setup
- Primary key: For daily use
- Backup key: Stored securely at home or office
- Travel key: Smaller form factor for travel
Adding Additional Keys
- Go to Settings → Security
- Click Add Security Key
- Follow the registration process
- Give each key a unique name
Removing Keys
- Go to Settings → Security
- Find the key in your list
- Click Remove
- Confirm with another MFA method
Never remove your last security key without having a backup method configured.
Browser Compatibility
| Browser | Support Level | Platform Authenticator |
|---|---|---|
| Chrome 67+ | Full | Yes |
| Firefox 60+ | Full | Yes |
| Safari 13+ | Full | Yes (Touch ID, Face ID) |
| Edge 79+ | Full | Yes (Windows Hello) |
Browser Settings
Ensure your browser allows security keys:
- Chrome: Settings → Privacy → Security → Use security key
- Safari: Security keys work by default
- Firefox: about:config → security.webauth.webauthn enabled
Troubleshooting
Key Not Detected
- Try a different USB port
- Check USB hub compatibility (try direct connection)
- Update browser to latest version
- Try a different browser
- Check if the key works on other sites
"Security Key Not Allowed"
- Ensure you're using HTTPS (not HTTP)
- Check browser supports WebAuthn
- Update your browser
- Try incognito mode
Touch ID / Face ID Not Working
- Ensure biometrics are set up on your device
- Try re-registering the platform authenticator
- Check browser has permission to use biometrics
- Restart browser and try again
"This Site Can't Use Your Key"
This can happen if:
- The domain changed (phishing protection working)
- Key was registered on different domain
- Browser security settings block the key
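The domain binding described here and under "Why WebAuthn is Secure" can be seen in the checks a relying party runs on each login response. The following is an added example, not Zenovay's code: it builds a constructed login response for the real site and for a look-alike domain and shows which checks fail. The domain app.example.com and the helper names are placeholders, and signature verification with the stored public key is assumed to happen separately.

```python
import base64
import hashlib
import json
import struct

RP_ID = "app.example.com"                    # placeholder relying-party ID (assumption)
EXPECTED_ORIGIN = "https://app.example.com"  # placeholder origin (assumption)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_assertion(origin, rp_id, challenge, flags=0x01, counter=1):
    """Construct sample clientDataJSON and authenticatorData (test input only)."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # authenticatorData layout: SHA-256(rpId) | flags (1 byte) | signCount (4 bytes, big-endian)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, counter)
    return client_data, auth_data

def check_assertion(client_data, auth_data, challenge, stored_counter):
    """Return a list of failed checks; an empty list means the binding checks pass."""
    errors = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        errors.append("wrong ceremony type")
    if cd.get("challenge") != b64url(challenge):
        errors.append("challenge mismatch")
    if cd.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin mismatch")       # response was produced on another site
    if len(auth_data) < 37:
        return errors + ["authenticatorData too short"]
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    counter = struct.unpack(">I", auth_data[33:37])[0]
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rpIdHash mismatch")     # credential scoped to a different domain
    if not flags & 0x01:
        errors.append("user presence flag not set")
    if (counter or stored_counter) and counter <= stored_counter:
        errors.append("signature counter did not increase")
    return errors

if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"  # constructed sample value
    good = build_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    phish = build_assertion("https://app.example-login.com", "app.example-login.com", challenge)
    print("real site:  ", check_assertion(*good, challenge, 0))
    print("look-alike: ", check_assertion(*phish, challenge, 0))
```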
Security Best Practices
Physical Security
- Store backup keys securely: Safe, safety deposit box, or secure drawer
- Don't leave keys plugged in: Remove when not in use
- Keep track of keys: Know where each one is
Digital Security
- Register multiple keys: At least two for redundancy
- Keep firmware updated: Update security key firmware when available
- Use with a strong password: WebAuthn is MFA, not a password replacement (yet)
Enterprise Considerations
Enterprise Plan
- Standardize on key type: Easier management
- Inventory keys: Track which employees have which keys
- Develop key loss procedures: Know how to handle lost keys
- Consider attestation: Verify keys are genuine
Passkeys (Future)
Zenovay supports WebAuthn, which is the foundation for passkeys. As passkey support expands, you'll be able to:
- Sign in without passwords
- Sync authentication across devices
- Use the same credential everywhere
Next Steps
- Save backup codes as additional fallback
- Review security best practices
- Set up organization-wide MFA (Enterprise)