FIDO2 Security Key, Two Factor Authentication (2FA) NFC Security Key, Connect via NFC for Microsoft, Apple, Google, Facebook, Dropbox, Mifare DESFire, Convenient Card Format, FIDO Certified

I recently bought the FIDO2 Security Key and it's been a great addition to my digital security toolkit. Right off the bat, I loved how I could easily slip it into my wallet, thanks to its card-like form factor. Setting it up was a breeze, and I had it working with my Google and Facebook accounts in no time. The advanced security features give me peace of mind, knowing my accounts are better protected against phishing attacks. However, I did run into some trouble when trying to use it with my Android device—it didn't always work smoothly, but it was flawless with my Microsoft and Apple devices. Overall, the convenience and enhanced security it offers make it a worthy investment, even with minor compatibility hiccups. If you're looking for an easy-to-carry and robust security key, this one won't disappoint.

This is the "security key" to get for iPhone users. Tap and go. Very handy. A tip though: Use it on your Microsoft account first. They require a password. That way it will be all setup for everything else like your Apple ID. You may need their card reader to use it on your laptop. Actually, probably. Check that it has NFC. If not then get the reader. Worked with Microsoft Edge and Firefox. Didn't test on Safari yet but Apple is pretty good so...

Works with every FIDO2-enabled site I've tried it with so far. * Google * Microsoft * AWS * login.gov * GitHub There are two models. The first one I got several months ago (left in the image) has a larger "chip" with 9 pads (I think). The last one I got (a couple of weeks ago) has a smaller "chip" with 7 pads. * The larger 9-pad chip worked with the most common smartcard reader I've seen (https://amzn.to/40Sax46), but didn't work with my Dell Latitude 5510's built-in smartcard reader. * The smaller 7-pad chip worked the Dell reader, the common reader linked above, and another smaller smartcard reader I tried (https://amzn.to/3YZipin) * When prompted to "tap or touch" the "security device", you'll instead remove the card (if inserted) and then (re)insert the card. That action ensures that you're physically present during the login session. NFC worked with my Google Pixel (Android) on both cards. * When prompted, you'll slide the card around the back of your phone until it beeps/vibrates/whatever, then try to hold it still until it says you're good. That action ensures you're physically present during login. Notes: * It's only useful with sites that support FIDO. There aren't a *ton* out there right now, but the "center of my life" sites like Google/MS do, and they're *way* more secure than user/pass alone. It'll catch on, though, and more sites will support them as time goes by. Incredibly useful when working somewhere where: * You can't have your phone on you * You can't have anything that even *looks* like a USB flash drive on you * There are smartcard readers at nearly every computer * You've turned on 2FA for your Google account (as it should be) and need to log in

tricky situation not interested

I wanted to find a key that would work in smartcard readers as I am sometimes in a situation where no USB is available. This card did the trick, specifically for Microsoft (business & personal) accounts and Bitwarden. No software needed, same experience as yubikey, just asked to establish the PIN on first use. The NFC also worked well on my Andriod phone. The one issue that I did encounter was when registering as a security key for my Microsoft Business account. As the card is only FIDO2 Level 1 certified (this might not be the only reason), Microsoft Business accounts default settings do not allow it to be used. I had to toggle the "Enforce attestation" to off. Hopefully this is something that gets worked out in the future and my only reason for not giving a 5 star review. I will try other cards as I find them and update this review if one works with attestation.

it works excellent now everything is very secure

EDIT: As of September 2023, Google now requires managed credentials to be stored on the authenticator, which as I noted earlier, this card does not support. This means this card no longer works with Google accounts (it might still work if you had already set up your google account with it in the past, I'm uncertain.) Original review: First, I really like that this is in a card form-factor. That automatically tells you everything you need to know about its physical durability, and it will outlast basically anything else. It's really nice to just have a FIDO2 key in your wallet, and you can simply tap your wallet. However, strictly in terms of FIDO2 features, it pretty much sticks to the basics. Here are the features the card claims to support: versions: FIDO_2_0 U2F_V2 extensions: hmac-secret aaguid: 9c835346-796b-4c27-8898-d6032f515cc5 options: clientPin:true rk:true up:true max message size: 629 PIN protocols: 1 max cred count in list: 16 max cred ID length: 48 transports: nfc algorithms: Array([Map({Text("alg"): Integer(-7), Text("type"): Text("public-key")})]) force PIN change: false Unfortunately no FIDO 2.1, which means no credential management. I'm really torn about giving this a three star rating as given it's the only card form factor available, which alone gives it a boon if that's what you need. And if it had full fido 2.1 support, I'd use it as my daily driver.

Very useful, quieter, easy and safe to use, fits perfectly in the wallet.

Worked perfectly with my iPhone. I like the plain white card. Nice low key s2fa security.

Cool little piece of tech to have on you. Paired with the reader will be a hit and miss on some or if not most sites as all websites support fido2 differently.

La he usado para iniciar sesión en varios servicios y la experiencia es sólida: la autenticación FIDO2 responde al instante y elimina la dependencia de contraseñas débiles o repetidas. El formato de tarjeta resulta cómodo de llevar y el NFC facilita el uso con móviles y portátiles sin puertos disponibles. También funciona por contacto, así que cubre bien distintos escenarios de acceso. La detección es estable y no he tenido fallos al registrar la llave en cuentas de Microsoft o Google. La construcción transmite buena durabilidad y el chip responde siempre a la primera. Para quien quiera añadir una capa real de seguridad sin complicar el flujo de trabajo, es una herramienta directa y eficaz.

Really flakey reads with an iPhone 14 Pro, works most of the time but I wouldn’t rely on it for anything super critical personally.

Schlicht und einfach, für meinen Anwendungszweck genau richtig.