-
Notifications
You must be signed in to change notification settings - Fork 3
/
dongles.html
150 lines (101 loc) · 8.97 KB
/
dongles.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
---
layout: default
title: 2FA Dongles (USB Dongle Authentication Devices)
description: List of our top recommended multifactor dongle authenticators. Find the best hardware authenticator for you in this exhaustive list.
---
{% include header.html page='dongles' %}
<div class="banner ui center aligned icon header">
<img src="{{ site.uri }}/img/usb_stick.png" class="icon" alt="USB Stick">
<h2>2FA Dongles (USB Dongle Authentication Devices)</h2>
<div class="sub header">
List of <a href="https://en.wikipedia.org/wiki/Multi-factor_authentication">2FA</a>
dongle providers and the platforms they support.
</div>
<div class="sub header">
Also see the list of <a href="/">sites offering 2FA</a>.
</div>
</div>
<div class="ui main container">
<div id="{{ provider.name }}" class="section">
<table class="ui table celled content-wrapper">
<thead>
<tr>
<th class="single line four wide"><h2>Dongle</h2></th>
<th class="two wide">One Time Passwords (OTP)</th>
<th class="two wide">Universal 2nd Factor (U2F)</th>
</tr>
</thead>
<tbody>
{% assign sorted_providers = site.data.providers.providers | sort: 'name' %}
{% for provider in sorted_providers %}
{% if provider.u2f or provider.otp %}
<tr>
<td class="main positive">
{% if provider.img %}
<img src="{{ site.uri }}/img/placeholder.png" data-src="{{ site.uri }}/img/providers/{{ provider.img }}" class="icon" alt="{{ provider.name }}">
<noscript><img src="{{ site.uri }}/img/providers/{{ provider.img }}" class="icon" alt="{{ provider.name }}"></noscript>
{% endif %}
<a class="{{ provider.class }}" href="{{ provider.url }}">{{ provider.name }}</a>
</td>
<td class="positive icon">
{% if provider.otp %}
<i class="checkmark large icon"></i>
{% endif %}
</td>
<td class="positive icon">
{% if provider.u2f %}
<i class="checkmark large icon"></i>
{% endif %}
</td>
</tr>
{% endif %}
{% endfor %}
</tbody>
</table>
</div>
<br>
<br>
<h2>Description of Devices</h2>
<br>
<h3 id="-ewbm-trustkey-https-trustkey-kr-en-main-form-"><a href="https://trustkey.kr/en/main.form">eWBM TrustKey</a></h2>
<p>TrustKey is a Korean based hardware authentication company. TrustKeys are also the world’s first authentication device to receive FIDO2 Level 2 security certifications from the FIDO Alliance.</p>
<p>TrustKeys utilize an eWBM’s MS500 microprocessor with strong security features, such as built in storage to encrypt fingerprint data used to authenticate the device. </p>
<p>TrustKey is also compatible out of the box with Microsoft Azure AD.</p>
<h3 id="-iepass-fido-https-www-ftsafe-com-products-fido-ios-"><a href="https://www.ftsafe.com/Products/FIDO/iOS">Feitian Technologes iePass FIDO</a></h2>
<p>The iePass dongle is an MFi & FIDO2 certified Security Key that is compatible for both USB-C and Apple lightning connections.</p>
<p>This allows the iePass to stand out among its competitors since it’s port fits most devices. </p>
<p>iePass FIDO utilizes a CC EAL6+ Certified secure element which stores all credentials securely inside, preventing an attacker from stealing the credentials either through cyber or physical attack. </p>
<h3 id="-hypersecu-https-www-hypersecu-com-products-"><a href="https://www.hypersecu.com/products">Hypersecu</a></h2>
<p>Hypersecu is a Canadian IT security company based in Richmond, British Columbia.</p>
<p>Their advanced HyperFIDO Pro product is RSA ready and compatible with Microsoft Azure AD.</p>
<h3 id="-ledger-http-tidd-ly-1aabe9a3-"><a href="http://tidd.ly/1aabe9a3">Ledger</a></h2>
<p>Ledger is a hardware wallet device normally used to store cryptocurrencies like Bitcoin. </p>
<p>However, Ledger has recently allowed users to store other forms of sensitive data on their devices’ secure element. These include passwords and credentials.</p>
<p>This means that the Ledger can make an awesome dongle authenticator. However, we wouldn’t recommend you use the device to store crypto AND passwords. Get a second Ledger if you want to do both. </p>
<h3 id="-nitrokey-https-www-nitrokey-com-"><a href="https://www.nitrokey.com">NitroKey</a></h2>
<p>NitroKey is a Berlin, Germany based IT security hardware company. </p>
<p>With the exception of Yubiko’s Yubikey, NitroKey is probably the most famous hardware authentication product on the market and has out-of-the-box integrations for all the most popular platforms and software. </p>
<h3 id="-onlykey-https-onlykey-io-collections-all-products-onlykey-color-secure-password-manager-and-2-factor-token-u2f-yubikey-otp-google-auth-make-password-hacking-obsolete-variant-469626486828-"><a href="https://onlykey.io/collections/all/products/onlykey-color-secure-password-manager-and-2-factor-token-u2f-yubikey-otp-google-auth-make-password-hacking-obsolete?variant=469626486828">OnlyKey</a></h2>
<p>OnlyKey makes its name by trying to improve on the very famous Yubikey in just about every way.</p>
<p>It can store up to 24 site passwords, usernames, and OTP accounts. It can function as a hardware auth key and supports OTP2 authentication. And, it also offers a device PIN, which means if someone steals your OnlyKey, they won’t be able to use it to attack your accounts without knowing the PIN. </p>
<p>The firmware is also completely upgradeable, as opposed to having to replace the hardware when new firmware is released and all software is completely open source. </p>
<h3 id="-solokeys-https-shop-solokeys-com-"><a href="https://shop.solokeys.com">SoloKeys</a></h2>
<p>Solokeys feature many different versions to fit any port you need, and some even feature NFC chips for wireless authorization. </p>
<p>Solokeys operate on the FIDO2 standard, which means you are getting the most up-to-date encryption methods for your auths on the market. </p>
<p>It also features a TRNG (True Random Number Generator) on its chip to make sure keys are actually randomly generated. The keys themselves are generated off-chip and stored in write-only memory, which means they cannot be read except by the off-chip peripheral itself, protecting them from leaking. </p>
<p>Finally, the chip features temperature and voltage sensors to make sure that if any physical tampering occurs, the contents of the chip are deleted. </p>
<p>They are also priced very nicely and have lots of great documentation to help you get your new set up sorted quickly. </p>
<h3 id="-titan-security-key-https-cloud-google-com-titan-security-key-"><a href="https://cloud.google.com/titan-security-key/">Titan Security Key</a></h2>
<p>The Titan Security Key is a hardware authentication device manufactured by Google. </p>
<p>What makes the Titan unique is that they utilize a hardware chip with special firmware developed by Google make sure keys have not been tampered with. This includes physical attacks on the hardware so that someone who finds your Nitrokey can’t extract the keys by hand.</p>
<p>As with all google products, the build quality is good and you know you are dealing with a very public, reputable company, but google does not have the best privacy history, so keep that in mind as well. </p>
<h3 id="-trezor-http-buybitcoinww-co-trezor_t-"><a href="http://buybitcoinww.co/TREZOR_T">Trezor</a></h2>
<p>Like Ledger, Trezor is mostly known for being a cryptocurrency hardware wallet. </p>
<p>This is a good thing, because hardware wallet manufacturers are typically the best manufacturers there are when it comes to storing valuable digital secrets on hardware. </p>
<p>However, unlike Ledger, Trezor has very easy-to-use software if you want to use their device as a hardware two-factor. </p>
<p>That said, Trezor does not feature a secure element, which means the device is vulnerable to physical attacks. </p>
<h3 id="-yubico-yubikey-https-yubico-com-"><a href="https://yubico.com">Yubikey</a></h2>
<p>Yubikey is perhaps the most well-known OTP and FIDO hardware authentication device on the market. </p>
<p>You might even say they invented the category (or at least popularized it).</p>
<p>Yubikey features many different products with varying levels of security and connection types (UBC-A, USB-C, lightning, etc.). Whether you are just using it to protect your social media accounts or securing access to nuclear launch codes, yubikey probably has a device for your needs, and they have a great track record for security. </p>
</div>