This week’s EYE ON NPI (video) will be your loyal friend like a pet dog – it’s Authentrend FIDO2 Biometric Security Keys. These FIDO2 compatible USB dongles have an absolutely adorable built-in fingerprint sensor on the end, which adds a layer of security beyond ownership: you also need to have the matching fingerprints.
This is great when you want to secure something with 2 or 3 factors and possibly without having to have folks remember or change passwords.
Historically, authentication was done with just a username and password. But, as we’ve all learned, usernames and passwords can be guessed or stolen or hacked! Some folks have two-factor time-based code cards, apps or SMS messages which add “something you own” to the list.
FIDO/U2F cards have been around as a USB-based authentication system for a bit, and they’re slowly gaining traction through an open standard which makes it easy to integrate with web or desktop applications. We’re huge fans of moving all of your security risk to hardware like these, that abide by open standards – it’s very hard to create a secure hardware device. Firmware, storage, even when encrypted, is not often crackable or glitchable. Using an external dongle gives you a hermetically sealed challenge-response system from a company that does only one thing. Because the private keys are stored in the hardware, you don’t have to store them on device in firmware.
These come in a few different mechanical shapes and flavors, including USB A fingerprint key, USB C fingerprint key, and a keycard that has NFC, BLE and a USB-A flip-out. We were able to get our fingerprint entered into the dongle using Windows 10’s key manager, then used the same dongle to add 3-factor authentication to our Google account.
Of course, you probably want to use it for non-website projects too! You can interface with the security dongle very easily using the python-fido2 library, which means any embedded Linux/single board computer will be able to have trusted authentication added with USB. This could be a very inexpensive and fast way to add trusted authentication for your product without having to hire a cryptographer.
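A service that wants the fingerprint to count as a factor has to confirm that the key actually performed the check. The added example below (not code from this post or from python-fido2) parses the fixed header of the authenticator data a FIDO2 key returns with each assertion and rejects responses where the user-verification flag is unset. The function names, the `example.com` RP ID and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

# WebAuthn/CTAP2 authenticator data flag bits
FLAG_UP = 0x01  # user present (the key was touched)
FLAG_UV = 0x04  # user verified (fingerprint or PIN accepted by the key)


def check_authenticator_data(auth_data: bytes, rp_id: str, last_sign_count: int) -> dict:
    """Parse the 37-byte authenticator data header and enforce policy.

    Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian).
    Raises ValueError on any failed check. Verifying the signature over
    auth_data || SHA-256(clientDataJSON) is a separate step not shown here.
    """
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])

    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this relying party")
    if not flags & FLAG_UP:
        raise ValueError("user presence flag not set")
    if not flags & FLAG_UV:
        raise ValueError("user verification flag not set")
    # A counter that fails to increase can indicate a cloned authenticator.
    # Keys that do not implement a counter always report 0, so skip 0 -> 0.
    if (sign_count or last_sign_count) and sign_count <= last_sign_count:
        raise ValueError("signature counter did not increase")
    return {"user_present": True, "user_verified": True, "sign_count": sign_count}


def build_sample(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed sample authenticator data (not captured from a real key)."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)


if __name__ == "__main__":
    ok = build_sample("example.com", FLAG_UP | FLAG_UV, 42)
    print(check_authenticator_data(ok, "example.com", 41))
    touch_only = build_sample("example.com", FLAG_UP, 43)  # touched, no fingerprint
    try:
        check_authenticator_data(touch_only, "example.com", 42)
    except ValueError as err:
        print("rejected:", err)
```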
There are plenty of Authentrend ATKEY.PRO TYPE-A in stock at Digi-Key right now. That’s the one we’ve been using the most, but do check out the other variants as well, such as the USB C, if your computer has type C ports. Order one for each user today, knowing that the FIDO2 standard will mean easy and trustworthy deployment for many years!
See the manufacturer video below.