Passkeys: FIDO2 security key with space for 300 passkeys

The FIDO2 security key T2F2-PIN+ Release2 from Token2 is inexpensive and offers space for 300 passkeys.

Token2 T2F2-PIN+ Release2

The Token2-FIDO2 security key is very small, lightweight and can cope with brief contact with water. The passkey memory is manageable.

(Image: heise online / dmk)

This article was originally published in German and has been automatically translated.

The FIDO2 stick with the somewhat unwieldy name "T2F2-PIN+ Release2" from Token2 stores 300 passkeys and is therefore well ahead of the competition from Yubico, Google & Co. The stick also stands out positively in other respects, as it can be conveniently managed and the stored passkeys can be listed and deleted - a function that we sorely missed on Google's Titan stick. The stick is optionally equipped with USB-A, USB-C or both at the same time and also offers NFC.

The FIDO2.1 Manager GUI also allows you to manage the passkeys that are stored on the T2F2-PIN+ R2. They can be listed and deleted.

(Image: Screenshot / dmk)

The manufacturer Token2 offers various tools for management and diagnostics, such as the FIDO2.1 Manager for Windows. This can be used to list and delete the collected passkeys. Linux and macOS users can manage their passkeys with Google's Chrome web browser, for example. The URL chrome://settings/securityKeys provides the necessary settings. The stick supports the current FIDO2.1 standard and therefore also the current Client to Authenticator Protocol (CTAP) 2.1, which specifies the management functions.

Google's Chrome web browser can be used to manage the passkeys stored on the FIDO2 stick under Linux and macOS.

(Image: Screenshot / dmk)

The Windows command line tool fido-manager.exe lists the properties of the stick in detail. The Token2 stick supports extensions such as hmac-secret and the ES256 and EdDSA algorithms. The tool also provides interesting information about FIDO2 sticks from other manufacturers.
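In CTAP2, an authenticator reports properties such as its extensions, algorithms and free passkey slots in the CBOR map returned by authenticatorGetInfo. The following added example (not from the article and not Token2's code) decodes such a response and extracts those fields; the sample bytes are constructed, and the function and field names are assumptions chosen for illustration.

```python
COSE_ALGS = {-7: "ES256", -8: "EdDSA"}  # COSE algorithm identifiers

# Constructed sample (not from a real key): CBOR payload after the CTAP status byte.
SAMPLE_GET_INFO = (
    b"\xa5\x01\x82\x68FIDO_2_0\x68FIDO_2_1"             # 0x01 versions
    b"\x02\x81\x6bhmac-secret"                          # 0x02 extensions
    b"\x04\xa2\x68credMgmt\xf5\x69clientPin\xf5"        # 0x04 options
    b"\x0a\x82\xa2\x63alg\x26\x64type\x6apublic-key"    # 0x0A algorithms
    b"\xa2\x63alg\x27\x64type\x6apublic-key"
    b"\x14\x19\x01\x2c"                                 # 0x14 remaining slots
)

def cbor_decode(buf, pos=0):
    """Decode one CBOR item (subset used here); return (value, next_pos)."""
    major, arg = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if major == 7 and arg in (20, 21, 22):       # false, true, null
        return {20: False, 21: True, 22: None}[arg], pos
    if major in (6, 7) or arg > 27:              # tags, floats, indefinite lengths
        raise ValueError("unsupported CBOR item")
    if arg >= 24:                                # argument in 1/2/4/8 bytes
        size = 1 << (arg - 24)
        arg = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if major in (0, 1):                          # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):                          # byte string / text string
        raw = bytes(buf[pos:pos + arg])
        if len(raw) != arg:
            raise ValueError("truncated string")
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    items = []
    for _ in range(arg * (2 if major == 5 else 1)):  # maps hold key/value pairs
        value, pos = cbor_decode(buf, pos)
        items.append(value)
    return (items if major == 4 else dict(zip(items[0::2], items[1::2]))), pos

def summarize_get_info(response):
    """Pull the capability fields discussed above out of a getInfo map."""
    info, end = cbor_decode(response)
    if end != len(response) or not isinstance(info, dict):
        raise ValueError("not a single CBOR map")
    return {
        "versions": info.get(0x01, []),
        "extensions": info.get(0x02, []),
        "credential_management": bool(info.get(0x04, {}).get("credMgmt")),
        "algorithms": [COSE_ALGS.get(p["alg"], p["alg"]) for p in info.get(0x0A, [])],
        "remaining_passkey_slots": info.get(0x14),
    }
```
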

The FIDO Alliance behind the FIDO2 standard recognizes several security levels according to which an authenticator such as a FIDO2 stick is certified. The T2F2-PIN+ R2 stick has currently reached the minimum level L1, as have most of its competitors. As the manufacturer explained to heise online, it is currently examining whether a level 2 certification is worthwhile: A higher certification level would only cost more, but would not guarantee better security.

The Fido-Manage-Tool reads the information from the T2F2-PIN+ R2 (and other FIDO2 sticks) and enables management on the command line.

(Image: Screenshot / dmk)

A capacitive button is used to release the passkeys, which only needs to be touched lightly to activate it. A white operating LED lights up there, which flashes when authentication requests are made. A hardware-protected PIN query protects the up to 300 passkeys from unauthorized users. The manufacturer has also built in a PIN complexity function to ensure that PINs that are too simple, such as "111111", are not used.

With a companion app, further functions of the FIDO2 stick from Token2 can be used, for example storing secrets to create one-time passwords (TOTP, HOTP).

(Image: Screenshot / dmk)

In addition to the passkey memory, the T2F2-PIN+ R2 stick offers other useful functions. With an additional companion app for Windows and a command line tool with an additional GUI for Linux, macOS and Windows, the stick can be used to store secrets for time-based one-time passwords (TOTP) for up to 50 accounts as well as for an HMAC-based one-time password (HOTP). Another secret for HOTP access can be stored using the USB dongle's HID function. The stick is also compatible with the U2F method (FIDO1).

According to the product page, the T2F2-PIN+ R2 security key draws 35 mA, while the USB meter showed only 10 mA when idle. The integrated flash memory is specified for 100,000 write cycles, and the service life should be at least ten years. The USB-C version of the stick is very small, measuring just 42 x 17 x 6 mm and weighing 5 grams. Token2 promises "extended waterproofing", which protects the stick from water ingress thanks to a special coating on the circuit board. However, there is no IPX certification - the T2F2-PIN+ R2 is better left at home or at least in your locker the next time you go to the swimming pool.

The T2F2-PIN+ Release2 stick is available from the Swiss manufacturer Token2 from 23 euros (USB-A). The USB-C version costs one euro more. The most versatile is the version for 26 euros, which is equipped with both USB-A and USB-C. NFC is also always on board. This makes the Token2 sticks relatively inexpensive, but shipping costs of 8.99 euros are added on top. Delivery to Germany takes around a week. It is important to pay attention to the wording "Release2" in the product name when purchasing. Only these sticks come with the large passkey memory.

The T2F2-PIN+ Release2 stick from Token2 is generously equipped: we are currently unaware of any other stick that stores 300 passkeys. This means you should be well-equipped for the coming years if you decide to store passkeys not (or not only) on your computer and smartphone, but on separate hardware. This is currently the most secure option for FIDO2. It's great that you can not only save all the passkeys, but also delete them again without having to reset the entire stick. You don't have to dig deep into your pockets: at a maximum of 35 euros (including shipping) for the fully equipped version with USB-A, USB-C and NFC, the manufacturer has chosen a fair price.

(dmk)