I've ordered around 30 of these for myself and the company I work for. I was actually thinking of buying a YubeeKey but then this crossed my path. More sites should start supporting FIDO2 IMHO
I've ordered around 30 of these for myself and the company I work for. I was actually thinking of buying a YubeeKey but then this crossed my path. More sites should start supporting FIDO2 IMHO
Yup, and as far as they tell they're going to update the firmware so in the end it will become a full Yubikey replacement. The hardware is already there, they just need to code the firmware.
Yup, and as far as they tell they're going to update the firmware so in the end it will become a full Yubikey replacement. The hardware is already there, they just need to code the firmware.
From their F.A.Q. page: Yubico keys, in addition to supporting FIDO2/U2F, also support various OTP protocols and Open PGP. We are planning to add these same functions to Solo in the near future,...
From their F.A.Q. page:
Yubico keys, in addition to supporting FIDO2/U2F, also support various OTP protocols and Open PGP.
We are planning to add these same functions to Solo in the near future, and because of (2), you can securely update your token from our website when we are ready.```
I don't think these are tamper-resistant, although I'm not sure the YubiKeys are either. But considering I just spent $50 on a YubiKey 5, I personally would have preferred to get 4 of these for...
I don't think these are tamper-resistant, although I'm not sure the YubiKeys are either.
But considering I just spent $50 on a YubiKey 5, I personally would have preferred to get 4 of these for the same price.
Wait, wasn't the fido "protocol" kinda closed? I think i recall seeing something about having to sign a NDA to get the hardware implementation details. What services use this fido2? Right now, i'm...
Wait, wasn't the fido "protocol" kinda closed? I think i recall seeing something about having to sign a NDA to get the hardware implementation details.
What services use this fido2? Right now, i'm just using 2FA on multiple websites with my android phone, besides solo being a hardware token is there anything better than the 2FA method?
Are you using SMS or an authenticator app? If you're using SMS, a sim swap attack could give the attacker your code for a website. An authenticator app is better, but someone can always steal your...
Are you using SMS or an authenticator app? If you're using SMS, a sim swap attack could give the attacker your code for a website.
An authenticator app is better, but someone can always steal your phone. The average thief wouldn't think to steal a hardware token.
I've ordered around 30 of these for myself and the company I work for. I was actually thinking of buying a YubeeKey but then this crossed my path. More sites should start supporting FIDO2 IMHO
Yup, and as far as they tell they're going to update the firmware so in the end it will become a full Yubikey replacement. The hardware is already there, they just need to code the firmware.
Nice! I'd actually be happy if it reaches 100K so we get USB-C for free hehe
Could you expand on this? I'm having trouble sorting through all of the initialisms.
From their F.A.Q. page:
Will these be ran through a security audit?
The code and the hardware will be fully open source, so anyone can go ahead and perform a security audit.
Yes, but that's probably something that should be done pre-launch. I know it's expensive, so maybe it should have been a stretch goal.
I don't think these are tamper-resistant, although I'm not sure the YubiKeys are either.
But considering I just spent $50 on a YubiKey 5, I personally would have preferred to get 4 of these for the same price.
Wait, wasn't the fido "protocol" kinda closed? I think i recall seeing something about having to sign a NDA to get the hardware implementation details.
What services use this fido2? Right now, i'm just using 2FA on multiple websites with my android phone, besides solo being a hardware token is there anything better than the 2FA method?
As far as I know, Google, Facebook, Dropbox, Twitter, Github and I plan to implement it into any service/website I'm building.
Are you using SMS or an authenticator app? If you're using SMS, a sim swap attack could give the attacker your code for a website.
An authenticator app is better, but someone can always steal your phone. The average thief wouldn't think to steal a hardware token.