[kwlug-disc] MFA security keys

Andrew Sullivan Cant mail at andrewsullivancant.ca
Tue Oct 1 10:25:48 EDT 2024 

Paul,

I have not tried it but NitroKey seems like it might be a good candidate.

* https://www.nitrokey.com/
* https://www.nitrokey.com/products/nitrokeys
* https://en.wikipedia.org/wiki/Nitrokey

Located in Germany, so decent privacy laws.
They seem free software committed and privacy committed.
And they have been around since 2008 according to Wikipedia.

There docs say they do "FIDO Universal 2nd Factor (U2F)" but I don't see 
references to WebAuthn in their website.


Has anyone ever tried NitroKey?

Andrew


On 9/30/24 23:57, Paul Nijjar via kwlug-disc wrote:
> There are Yubikeys, which are the market leader. I had a Yubikey 5
> (the black one) and a Yubikey Security key (the blue one).
> 
> I now need to get additional keys for myself. The default choice is a
> Yubikey but I am not sure whether to consider others (NitroKey,
> SoloKey, Thetis, OnlyKey, Token2 key).
> 
> Requirements:
> - USB-A
> - WebAuthn/FIDO2 support
> - Durable so it won't break if I have it on a wallet
> - Just works without me needing to sysadmin a hardware key.
> 
> Nice to haves:
> - OTP (One time password) support?
> - Different colors so when I have multiple keys I don't mix them up
> - No NFC if possible
> - No biometrics. Making contact with the button is good.
> 
> There are some open-source security keys. I am mostly indifferent to
> this.
> 
> Price is a consideration but not the primary consideration. I don't
> want to spend more than $100CAD on a key.
> 
> OTP is strange. Yahoo mail is broken garbage for MFA. OTP is supposedly
> supported but did not work, and I could not use the Yubikey 5 at all
> because it would not fall back to WebAuthn. So I am not securing Yahoo
> Mail. (I think WebAuthn did work on the Yubikey Security Key.)
> 
> When given the choice I prefer Webauthn. However, there are situations
> where OTP has proven necessary. So maybe I am looking at getting some
> keys with OTP support and some keys without.
> 
> The downside to another Yubikey Security key is that they are now
> black, and all include NFC.
> 
> The downside to another brand is that I do not know what is
> trustworthy. The SoloKey here looks nice because you can get colored
> sleeves as well, but I do not know whether this is a good choice or
> not: https://solokeys.com/collections/all/products/solo-2a-security-key-built-with-trussed%C2%AE
> 
> Has anybody experimented with these alternative keys? What have your
> experiences been? Are these now commodities that all Just Work, or do
> I have to be careful?
> 
> Are there other things I should be considering?
> 
> - Paul
> 
> _______________________________________________
> kwlug-disc mailing list
> To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
> with the subject "unsubscribe", or email
> kwlug-disc-owner at kwlug.org to contact a human being.

More information about the kwlug-disc mailing list