FIDO2 / U2F Security Key and Hardware Password Manager | Universal Two Factor Authentication | Portable Professional Grade Encryption | PGP/SSH/Yubikey OTP | Windows/Linux/Mac OS/Android

Working in fields where confidentiality is a must and security is required by law, this is an awesome tool. For something that doesn't have biometric access, it's wonderful.First, its software and implementation is robust. For passwords, it's basically a keyboard emulator. As long as it can plug into a USB port, it'll type in the password you set. It doesn't need special drivers.Second, it's fail-safe. Forced-entry attempts will wipe out the memory. You only need to memorize 2 or 3 numerical sequences to access it, and they're short ones. Just come up with numerical rhymes or even a set of "dance steps" over the six buttons. If you need to rotate passwords every so often, then as long as you can store a random string in a secure location (even if it's a piece of paper you can lock away) this will let you carry that password without anyone knowing what it is.I dinged it one star, though, because there's something of a learning curve to set it up. If you make a mistake, it won't damage the key, but some newbie users may panic. Lock yourself out during setup? You can reset and try again. Oh, and you can generate encrypted backups of the password data.A few things that would improve the product:-A firmware upgrade to add in a random string generator, perhaps a "floating pin" exposed to ambient EM noise, for password generation. It wouldn't directly update the password, but just provide something a user can pick from.-An extension socket for convenient use. This is a solid device, so I'm worried about breaking any port I use when I tap my PIN.-Some additional programming options for login macros. Sometimes you need to hit the tab key more than once to get into a login or password field.

YES, BUY THIS KEY, IT IS GREAT, HIGH SECURITY AND NEVER WORRY ABOUT COMPLEX PASSWORDS AGAIN. THE POSITIVES OUT WAY THE NEGATIVES.NEGATIVESLearning curve for people that are good with tech. Definitely should offer a case cover to put entire key inside. I bought a case from another company for key chain.FIDO2 only works for Google, Facebook and other big tech. However, having key to heavily protect only these sites until/unless physical key becomes more standard, for ex. Banks. It's still worth only protecting big tech sites because your life is on them. Making protecting only two or three big tech sites actually very valuable.Plus, that is not only keys fault. Or the fault of any physical private key company. All websites should offer physical private key option. What are Banks waiting for? Big tech offers it because they know it is the most secure option.It's most secure because it's not stored on your computer and you must physically touch key with pin in the only key to use.POSITIVESPassword manager works for everything. That is where learning curve is.THE PDF THEY OFFER IS REALLY GREAT, THEY CLEARLY CARE ABOUT THE PRODUCT AND THE CUSTOMERS UNDERSTANDING OF WHAT ALL OF THIS SECURITY STUFF IS.Is this key worth having. I recommend everyone get one. It's hard to get hacked or have identity stolen if you are using this key. DO NOT SET A BACK UP WAY TO GET INTO GOOGLE OR FACEBOOK. THAT WOULD MAKE HACKING YOUR FB GOOGLE EASY. IF PHYSICAL PRIVATE ONLY KEY IS THE ONLY WAY IN THEN HACKERS ARE NOT GETTING IN. BUY TWO OR THREE OF THESE. MIRROR THE KEYS INFO AND PUT ONE KEY IN SAFE. I highly recommend this physical key. The learning curve is worth the trouble.

The device is working overall, but it needs a lot more polish. The current firmware is version 0.2 beta and was last updated about a year ago. So, the interface and setup is not user friendly and the work on this is quite slow.First, what's working. First of all, I am working on Linux and that's what I've tested this on. I have yet to test it on android fully. I tried it out for a bit and it seems to work similar to the way it does in a computer.The password manager is great. You hit the button, and it types out everything you need, even a web site if you want it to. It is a bit of a process to set it up, but once you figure it out - it works fine. It also works great as a U2F and FIDO2 token, but it took me a few tries to get it right. Also it appears that U2F and FIDO2 support is scarce and you will hardly be able to find anything that supports it other than few large services (like Microsoft and Google). But At least you can use it to log into your laptop in public space, so that's a plus.Now, the bad. First, physical appearance. It seems sturdy and kinda heavy, but it also looks shabby and rough like someone is making it in their basement or something. Look at the photo, it's not even cut in the right angle, but has a curve. And the layers feel like they are going to peel off with time. Second big problem - location of the LED. You have to rely on the LED in order to work with it. For example - if LED is off, you have to enter the pin, if it shines blue, you have to hit a button for U2F. The problem is that the LED is on the back while the buttons are on the front. It works if you plug it in the front of a tower, but if you use it with a laptop - not so much. I understand this was the reason they made LED super bright to the point it I am worried it will burn my eyes out if I look at it directly (it's quite bright even on the lowest setting). They want it to illuminate the space so you can see what color it is and if it's on or not. But this is just crappy design. I don't want to have it plugged in and flash at me all the time with bright light. Having a large blob of light in your laptop would be quite detracting (or alternatively, you would have to keep plugging and unplugging it every time you want to log in somewhere) .If you are getting it for Yubikey OTP, then don't. You can generate Yubikey OTP with this device, but they are not going to be validated against YubiCloud. It's probably Yubikey's fault for changing something on their end since the firmware for this module was released, but the fact is - right now it's not working. To have a chance of this to work, you have to actually buy Yubikey, modify it's OTP key settings to be the same as this device (easy to do, but kind of ruins Yubikey validity), and then - register that Yubikey on their YubiCloud (at the moment you cannot upload the data without the actual Yubikey). And that is not going to guarantee it working. At best I can tell that it has 50/50 chance to either work or not at all. Sometimes when I test it - I can validate keys, and other times - it doesn't. In addition, Yubikey can revoke your registration altogether, so good luck with that. The best way I guess is if you host your own authentication service for Yubikey... So in summary, it can act as a backup Yubikey OTP generator for a Yubikey you have reprogrammed already. But if you try to keep your original "proper" generator in your Yubikey, then this feature will be useless as you would not be able to set it.In addition, if you want to use it for Google Authentication TOTP, it only conditionally works. It requires either the OnlyKey App to be running on the device, or you have to connect to the OnlyKey web site so that they can provide this device with a time in order to generate Google Authenticator (or TOTP) token. Why can't you query hardware clock/system time? Or at least provide an option for it, maybe as a fallback. The TOTP generation does work well when you meet the conditions, though.There are also seem to be several cycles or modes OnlyKey goes through. For example, you can't enter the pin until several seconds has passed after you plug it in, and you have to see the LED to indicate to you when it's ok to start entering the pin. If you attempt to enter the pin before that it won't work. There seem to be some other cycles that are not indicated and you can't enter the pin. So at times you try to interract with the key and it just doesn't behave the way you expect, and my guess is that it goes through some kind of internal state change at the moment you try to interact with it. I also had OnlyKey disconnect from the App when something attempts to use it, and then I would have to unplug and replug it for it to reconnect.I haven't tested how well it works with PGP and SSH because I don't have the need for it. I did test with their provided web service and it worked fine (webcrypt for files and data with keybase). But you would need a software that can work with the OnlyKey in order to encrypt/ files for you and the support doesn't seem to be there yet (so you would be kind of forced to use their service or write your own).Overall it is quite useful for the password management and for U2F features. Pin protection is also great, so even if it's lost - there is a measure of security. Still needs a lot of work, though for the interface in the app and user-friendliness. Also should have a bit better setup guide for some of the features.I also was going to mention that even though it is supposed to work with Android, it does not support NFC, but the manufacturer in one of the questions said that NFC does not provide enough power for it to work properly. I guess I can accept that. I just hope that all that power requirement doesn't go into powering the LED. A little more power to that LED and it would start shooting lasers