FEITIAN ePass K40 USB Security Key - Two Factor Authenticator - USB-C with NFC, FIDO U2F + FIDO2 - Help Prevent Account Takeovers with Multi-Factor Authentication

This was one of least expensive USB C hardware keys on the market that I have found and yet it is easier to use and just as compatible as any one I have used. I am pretty sure by now I have tried almost every one on the market.My only complaint was the lack of security seal or anything to verify it wasn't opened since leaving the manufacturer. With ANY USB device this is important these days, but with anything like this it's an absolute must. If someone had previously opened it, they could've installed something on it or even added a tiny piece of hardware to make it install a Trojan on your system.So far every key besides Yubbi has this problem. I returned two keys due to it. This one was simple enough for me to test it on and unused system that was airgapped. It was clean and untouched so after testing it there a while I started using it regularly cause it's one of the ones that I use on my mobile device.I keep 5 key now because I had one stolen and two of a different brand fail that cost me 20k due to lost access to kmy accounts due to the way I intentionally set them up. So it was my own fault for not having enough backs ups.Lesson learned, you can't ever have too many of these incredible devices. I find it funny Amazon sells these but doesn't offer support for them on here. To me this is the best and only way I secure my accounts. Highly recommend getting at least one to go with 4 others or all 5 an be this one. Just make sure to keep one off site preferably in a fireproof safe or security vault of some kind.One of the best and most affordable yet.

Bought to replace yubikey(tm) that i lost. This looks better on my keychain. Works exactly as yubikey(tm) to secure my laptop and accounts. But much less expensive. I replaced the 5 NFC with this. The USB-C works with phone and laptop no need to use the NFC although It has it.

When attempting to sync this key with my Coinbase account I am told time and again to enter the serial number to which I oblige and am told that number is incorrect. I have not had this issue with any other Fido/u2f/2fa keys in the past :/

With not a whole lot of reviews I was skeptical of this product at first arguably but I gave it a try because I have been searching for a better hardware security key that actually works with modern devices that use USB C and NFC. I personally use a lot of Apple products so the utility of being able to plug this into my MacBook and tap it on the back of my iPhone and sign-in is clearly there. The only caveat is you can only set it up from a computer for example with Google but the NFC functionality is still there. I am not sure about the long-term reliability of this product and how effective it will be. But for now it is really the only durable and somewhat decent solution for people who use USB C devices like most modern laptops and have either an Android or iPhone. It works great with my google account and I look forward to testing more accounts soon.

Before I purchased this brand, I researched extensively. I've learned that this brand is on the compatibility list just as often as Yubikey. This key works just as well.

is good

Edit: In trying to buy another key direct from feitian (not sold on amazon) they completely whiffed. Took my money, and never shipped the key nor did they respond via chat or email. I had to go to the payment provider to get a credit. The keys are good, but no company support from PRE sales, so I can imagine what you get for POST sales support.Original review:I've used physical security keys before, some years ago with a large employer, so I have a bit of familiarity. I researched these well, here's what I decided to do.There are numerous ways to secure online accounts, from email to banks. A common one involves sending a "Two factor Authentication" SMS text to your cell phone with a one-time use code. These are better than just a username/password that can be stolen or guessed at. But SMS can be hacked/read by other than the intended recipient.You can go much better by using an Authenticator app on a smart phone. Microsoft and Google make an app for both android and ios. These use the security chip inside of your smart phone to create a one-time use code that you enter when logging into a protected service. So essentially free, but if your phone gets stolen or someone copies the credentials from it, or does a sim swap with a little tinkering and they're into your accts.And next comes a hardware security key like these.Like your smart phone, the key also has a security chip, an installed firmware that implements a variety of protocols, and an external interface. The latter can be usb-a, usb-c, NFC or Bluetooth. Pick the key(s) that have the connections you need. NFC can be used from about 4" or less. Bluetooth can be used with a decent range, but bluetooth certificates have been stolen, which means someone within bluetooth range could use your key. About 30' or so. Pretty damned unlikely, but the older google Titan bluetooth key was hacked using such a method, which was quickly fixed and new keys issued.After looking at keys and using the google authenticator app, I saw that googles "titan" branded keys were not in stock and were in the process of being updated. And an article that said that this particular K40 key was going to be the new titan "USB C"/NFC key. Google programs a security chip and epoxies it, then sends it to a vendor to be mass produced into actual keys. Without doing this, the manufacturer could put a backdoor into the key. These are not titan keys, but stock Feitian keys. So if you're doing incredibly lucrative work that is of a critical nature that nation states want to get your work...ehhh...you aren't reading reviews about keys on amazon!Googles last round of keys were made by Yubico and Feitian, looks like the two new ones are this K40 key for NFC/USB-C and the Feitian A4B for usb-a. I have one of those as well, as a backup key. You don't need more than one, but it's advised that you register two or more keys in case one is lost or breaks. So I feel comfortable with both companies. But since Yubico is a pioneer and drives a lot of standards, they charge quite a bit more. About twice as much.So...how do these work? In most implementations, you log in once using your key and that device will then have the key registered with the host provider (google, microsoft, bank, investment company, etc). For some routine providers, this is a one-time thing unless you explicitly log out. For some (largely financial) you'll need the key every time. The base standard is a time-based protocol that mixes your key with a particular time of day/date. Once registered, given a particular day and time, your Feitian key and the host you registered it with will know the code. The key is seen to every device as a USB keyboard, and it enters the requisite code when you 'tap' the led lit side of the key.So with a pair of these, registered to each service you use, someone would have to have the actual security key, your username and your password to access your accounts. Or have an NSA like capability.This particular key is very solidly made, and on a keychain would last many many years. I tried it with an android phone running android 10, a desktop, a chromebook, an Nvidia Shield, and two Sony android tvs.The chromebook stays 'good' through a logout/login, so you'll only need the key once, and again if google wants you to log into your account again, usually if you're accessing account details/security.Same with the cell phone, tried it with both the USB-C and NFC wireless. Worked like a champ with both.Sony Android TV's surprisingly worked just fine to log into my google account, given that one is six years old! No further need for the key unless you reset the tv. Same for the Nvidia Shield. Just stick it in the USB port and tap when asked to do so.On the desktop, I had google 'trust' the PC (windows) and will only need the key again if I explicitly log out of google.If anything gets stolen, revoking that devices connection through google, microsoft, etc is fairly simple and then access to your stuff is cut off from that device. Changing your password will also force a requirement for the key on each device.Other tidbits: You don't need but you really do want two or more keys. Despite some stuff suggesting otherwise, these can be two of the same make/model of keys. For most manufacturers, within their products, everything is the same except for the physical usb/wireless interface. Yubico does hobble their cheapest key which removes some proprietary capabilities.For protocols, FIDO was the original standard, and most hosts use that. FIDO2, HOTP, TOTP and so forth are newer/additional protocols. Some password managers are particular about which keys they work with. This is an area where a Yubico key might be helpful, as they work closely with outfits like Lastpass.This particular key supports all of the open standards that you're likely to see widely implemented for the next 5+ years. So you have good future proofing, given the protocol support, build quality and most current and near future devices using NFC and/or USB-C.The three well recommended keys are this Feitian, Yubico, and Thetis. Google has relied on Feitian and Yubico for their own internal security needs, and to resell to its customers.For this key and the Feitian A4B key at less than forty dollars, that's cheap to keep someone from stealing a password or your phone and getting into your accounts, and for identity protection. Google looks to be asking sixty-five for the pair!For people wanting bluetooth, Yubico doesn't do it because they feel it's insecure. Feitian and Thetis do have a current bluetooth product. In that space I'd get a Feitian K25. It's the most recent update of the bluetooth key that google used to sell in the Titan bundle."Open software" keys exist, both in the form of the Solo brand keys, which seem well priced and OpenSK keys. In those instances, the firmware on the key is open source, and the key can be programmed with newer firmware. That means more features and newer protocols, BUT it also introduces the possibility of someone hacking the firmware or rewriting the key. I didn't feel that the tradeoff was worth it to try a Solo, but they're very well liked. Feitian also sells a super cheap "OpenSK" key, which uses google's "OpenSK" security key firmware. This is an older reference security chip paired with open source software that is regularly updated by google and other 3rd parties. Do not get an OpenSK product intending to use it for production security. If you're interested in writing code for something like the Solo key or the Feitian OpenSK key, great choices. Just don't get tempted by the low price and try using it as a real key. If these were a hundred bucks each and the Solo was a quarter that price, I'd take the tradeoff.

No reason to think this wouldn't work on a PC or Android, but I've tested so far on my MacBook Pro (work), MacBook Air (personal), and iPhone. I do wish Apple would put NFC in their laptops for better convenience, but that's not a reason to knock THIS product. Works great via the USB-C port, and on the iPhone, works great via a quick NFC tap to the back of the phone. I use this on my Mac via a CalDigit Thunderbolt dock, and it works just fine through the USB-C port in that dock, which is convenient.Now we just need more web sites to support FIDO for two factor authentication!