lego James Bond Approves the Feitian FIDO 2 USB-C Security key

Review: Feitian FIDO2 security key

Disclaimer: This post is sponsored with the Security key itself, but reflects my personal opinion and review of the Feitian ePass FIDO K40 Security key, and is not reviewed or moderated by Feitian Technologies.

In mid-February I was thinking about buying a new FIDO2 security key that supports USB-C, because most of the laptops and equipment I work with now come mostly with USB-C ports: they are more convenient, take up much less space, and you can fit more USB-C ports in smaller and thinner laptops. I thought to myself that it would be good to have one for USB-A with NFC and one for USB-C with NFC, as my previous FIDO2 key only supports USB-A and NFC. I looked at a few USB-C keys but decided to put my search for a new key on hold and didn’t make it a priority.

A few days later I saw a post on LinkedIn where Feitian Technologies was looking for people to test out their FIDO2 security keys and in return write about it on their blog sites. I saw that a few people were commenting on the post saying they would gladly test out their keys, so I thought to myself, why not comment as well and see where that leads me.

After a few days, I was contacted by Feitian Technologies, and they asked if I would like to test out their FIDO2 key and in return write an honest review on my blog site. And here we are: I got a FIDO2 security key from Feitian that supports USB-C and NFC, sent to my address with express delivery.

But Haflidi, what the heck does FIDO or FIDO 2 stand for?

FIDO2 is an open authentication standard that enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. It consists of the W3C Web Authentication specification (WebAuthn API) and the Client to Authenticator Protocol (CTAP). FIDO2 security keys are an unphishable, standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard and a certification for passwordless authentication.

So now that you know what FIDO and FIDO2 stand for, I can say I’m impressed with the Feitian FIDO2 key itself: it’s small, sturdy, and looks like it can handle almost anything, as well as the washer.

Setting up and configuring the key is a rather simple task, but I highly recommend that you configure your PIN on the security key before you assign it to any other web services or logins such as Azure Active Directory.

There are several options to set your FIDO2 PIN:

  • Download the Feitian SK Manager software, which gives you more information about the key and more configuration possibilities. Remember that on Windows you need to run both the installer and the software itself with elevated permissions to install it and to manage the FIDO2 PIN, login information, etc.
  • Use the Windows built-in Security Key manager to handle the PIN and configure it through Settings > Accounts > Sign-in options > Security Key. There you do not need specific elevated permissions.
  • If you are using Chrome on macOS and Linux, use the Chrome built-in Security Key manager.

The Feitian SK Manager tool supports both Windows and macOS. The pro of the software is that it allows you to do more management on your key, like managing what login information is saved to the key and other modules like PIV, OTP, U2F, and OpenPGP, depending on what is supported on your key. The con is that, at least on Windows, you need to run the software in elevated mode, and that option is not always available on managed devices that do not allow elevated privileges unless the software is added to an allow list.

What I love about these modern security keys is that you can have multiple logins added to the key. Adding the security key to supported web services like Azure Active Directory, Microsoft Account, and multiple password managers as an MFA (multi-factor authentication) option is an easy process of a few steps, and some of them even allow you to use the key for passwordless sign-in.

Remember, before setting up the web services, you need to set up the PIN first using one of the methods mentioned above.

For example, to add the security key as an MFA / passwordless login on your work or school account in Azure Active Directory on Windows, given that your organization has allowed that option:

1. Go to the My Account Page and sign in if you haven’t already done so.

2. Select Security Info, select Add method, and then select Security key from the Add a method list.

Dialog | Adding a method for Multi-factor authentication (MFA)

3. Select Add, and then select the type of security key you have, either a USB device or an NFC device.

Dialog | Choosing a type of security key for Multi-factor authentication (MFA)

4. Make sure you have your security key physically available, and then on the Security key page, select Next.

5. In the Setting up your new sign-in method page, select Next, and then:

  • If your security key is a USB device, insert your security key into the USB port of your device.
  • If your security key is an NFC device, tap your security key to your reader.

6. Type your unique security key PIN that you set up earlier using one of the above methods into the Windows security box, and then select OK. You’ll return to the Setting up your new sign-in method box.

7. Select Next.

8. Return to the Security info page, type a name you’ll recognize later for your new security key, and then select Next.

Dialog | Naming the Security key for Multi-factor authentication (MFA)

9. Select Done to close the Security key page. The Security info page is updated with your security key information.

Now you can use your security key as one option to authenticate to your work or school account using multi-factor authentication (MFA).

To set up the security key for Passwordless sign-in you can check out this Microsoft Learn page: Passwordless security key sign-in – Microsoft Entra | Microsoft Learn

Feitian Technologies is part of the MISA (Microsoft Intelligent Security Association) and is offering “Path to Passwordless” sample kits for qualified enterprise-level organizations. Check out the link here: PathToPasswordless | FEITIAN (ftsafe.com)

That concludes today’s post. I hope you’ve learned something new about the FIDO2 Certified security keys, and especially the Feitian FIDO2 USB-C key.

If you want to check out the Feitian FIDO Security keys you can have a look here: FIDO Security Keys | FEITIAN (ftsafe.com)

As always if you liked the post, please hit the like button, or leave a comment and hit that share button to get the information out to as many people as possible.

