Passwordless Workstation Login

Secure your computer logins with passwordless MFA

Security keys and smart cards use certificate-backed credentials and integrate natively with all operating systems via smart card standards. Harness the power of public key infrastructure to deliver an OS login that meets the highest security standards across Windows, Mac, and Linux.

Talk With Us

Why use security keys for computer logins

OS passwords are often reused by employees across multiple services, making them valuable and vulnerable. When employees use security keys tied to a corporate chain of trust, it's exponentially harder for attackers to move laterally or escalate privileges from a compromised computer. It's impossible to reuse a stolen password, because there are no passwords to steal.

Strong MFA for work computers

Strong MFA for work computers

Native OS support for PIV credentials

Native OS support for PIV credentials

Why 0pass

Manage the full lifecycle of your security keys

An app for smooth enrollment

0pass App gives an easy enrollment flow for every employee—whether they’re in HR or engineering. The App runs on Mac, Windows, and Linux, tying the key to the account and a corporate chain of trust. Just a few clicks and it’s ready to use.

Integrates with OS subsystems

Your security key will use the smart card support inherent in Windows, Mac, and Linux. Using native OS systems means full compatibility across all OS versions; no need maintain additional software for OS logins.

Certificate management tooling built in

We do the heavy lifting for certificate issuing, management, and revocation. The 0pass App handles certificate renewals. A security key signed by a trusted certificate authority ties it to the individual, and is the strongest authentication available.

Manage users and their security keys

Manage users, their keys, and their access to enroll in different levels of trust. Admins can also configure security options like lockout thresholds for incorrect PIN attempts. Employees can simply plug their key in and get to work.

We use smart card standards because they are natively supported by every OS

Windows

Your domain controller (DC) trusts the certificate authority chain which signs certificates for smart card login to Windows computers and servers. The DC uses this trust to prove the YubiKey was issued to that user.

Windows

Your domain controller (DC) trusts the certificate authority chain which signs certificates for smart card login to Windows computers and servers. The DC uses this trust to prove the YubiKey was issued to that user.

Mac

Configure Mac computers to allow logins from security keys with signed credentials from the 0pass certificate authority chain. Employees use enrolled security keys, tied to their corporate identity, for smart card login.

Mac

Configure Mac computers to allow logins from security keys with signed credentials from the 0pass certificate authority chain. Employees use enrolled security keys, tied to their corporate identity, for smart card login.

Linux

Linux computers can trust the certificate authority chain which signs certificates for smart card logins. Users log in to Linux machines with their YubiKey as a Smart Card. 0pass configurations support all Linux flavors.

Linux

Linux computers can trust the certificate authority chain which signs certificates for smart card logins. Users log in to Linux machines with their YubiKey as a Smart Card. 0pass configurations support all Linux flavors.

How you can get started

Let's talk about your use case

Chat with a security engineer and see whether we can help secure your environment. You can also set up a demo and access a free 30-day trial.

Access a free trial

Advice from security engineers

See a demo

Request Free Trial

How you can get started

Let's talk about your use case

Chat with a security engineer and see whether we can help secure your environment. You can also set up a demo and access a free 30-day trial.

Access a free trial

Advice from security engineers

See a demo

Request Free Trial

How you can get started

Let's talk about your use case

Chat with a security engineer and see whether we can help secure your environment. You can also set up a demo and access a free 30-day trial.

Access a free trial

Advice from security engineers

See a demo

Request Free Trial

Your questions, answered.

Why get rid of passwords for OS logins?

Why use native OS support for login instead of an app that handles the login?

What is the connection between YubiKeys and smart card technology?

What happens if a user loses their security key?

How does a YubiKey’s PIN and a password differ?

What if the security key is stolen?

Does 0pass provide audit logging capabilities?

Can the 0pass App (used for enrollment) and system settings be deployed remotely?

Can we self-host, or even air gap our instance?

Why use a security key instead of a phone app for MFA?

Can we use our own certificate authority, like Microsoft Active Directory Certificate Services?

Why get rid of passwords for OS logins?

Why use native OS support for login instead of an app that handles the login?

What is the connection between YubiKeys and smart card technology?

What happens if a user loses their security key?

How does a YubiKey’s PIN and a password differ?

What if the security key is stolen?

Does 0pass provide audit logging capabilities?

Can the 0pass App (used for enrollment) and system settings be deployed remotely?

Can we self-host, or even air gap our instance?

Why use a security key instead of a phone app for MFA?

Can we use our own certificate authority, like Microsoft Active Directory Certificate Services?