FAQs on Security Keys and Tokens
FIDO (Fast Identity Online) is a set of standards and specifications developed by the FIDO Alliance to provide an alternative solution to traditional password authentication schemes. FIDO security keys are hardware-based security keys that support the FIDO specification to ensure the security of web service accounts.
For an overall tutorial of U2F and UAF, please see the below document from FIDO: U2F & UAF Tutorial.
FIDO 2 is comprised of the W3C Web Authentication specification and corresponding Client-to-Authenticator Protocols (CTAP) from the FIDO Alliance. FIDO2 supports passwordless, second-factor and multi-factor user experiences with embedded (or bound) authenticators (such as biometrics or PINs) or external (or roaming) authenticators (such as FIDO Security Keys, mobile devices, wearables, etc.).
Traditional password authentication schemes have several security and usability issues. Using simple passwords for multiple sites poses security risks, such as phishing and MITM attacks. Using complex passwords also poses usability issues and frequent password resets. FIDO Security Key provides a secure authentication solution for online accounts using public-key encryption. The Security Key will create a new set of key pairs to increase security.
Based on FIDO2 standard, FIDO2 certified security key allows users achieve passwordless authentication with the combination of Azure Active Directory (or office 365 accounts) on your PC and Web services without typing anything.
If someone get the security key, don’t worry. They cannot access your account without your user name, password or Biometric. The dedicated users can still logon to the account by using backup security key or other method. Then user can disable the lost security key and provision a new key.
If someone tries to use your security key, more than fifteen errors will automatically lock them out.
Best practice is always to ensure that you register more than one security key. Most web sites that accept FIDO2 or U2F allow you to register more than one key. This gives you a backup should you lose a key.
Usually, user need to login to their accounts as normal. Then go to account settings/security and choose multi-factor authentication and then choose set up security keys.
Note: Different web applications may have different account settings structure.
The first step of using FIDO authentication is to provision security keys into your account. For most web services, it is required to register your security key on PC via USB. To provision the security key with your account, please follow the steps below:
- Authenticate you account as normal with PC and a WebAuthN supported browser.
- Go to account settings – sign method – 2 step verification or something similar.
- Select set-up security key, plug in the security key and follow the pop up instructions.
The compatible services and detailed site-by-site authentication services can be found at Compatible Service Catalog.
After provisioning the security key via PC, user can authenticate to their account passwordlessly or as a strong second factor with the security key. The steps authenticate to account may be different across web services and platforms.
Authenticate with PC
For Passwordless Authentication, user can click “sign-in with security key” in the sign in window, then follow the pop up instruction of authentication.
Two Step Authenticcation, users are required to type authentication with username and password as usual, then the two step verification window will pop up, user follow the pop up instruction to finish authentication.
Authenticate with Bluetooth Mobile Device
User first trigger the authenticate request on WebAuthN supported browsers or application first, Then attach the security key with the bulit-in NFC sensor (via NFC) or turn on the device and perform follow up action (via Bluetooth).
ThinC-AUTH is USB based Security Key with Biometrics. The device is FIDO2 certified and is Microsoft compatible. ThinC-AUTH is suitable for secure passwordless authentication to multiple FIDO2 enabled web applications and Microsoft Windows 10 Rel 1903 or higher versions.
- Enroll your fingerprints to the device. You can either use the built-in configuration tool in Windows 10 Rel 1903 or you can download a configuration tool from Ensurity website — https://thinc.ensurity.com/#downloads.
- Register your ThinC-AUTH Security Key with the account you want to secure. Or activate the device by registering with ThinC-AUTH tool or Windows 10 Ver 1903.
- Whenever you sign-in to your web account or Windows PC, simply insert the security key into a USB port, and when prompted and tap on the fingerprint sensor with your registered finger to complete the authentication.
Yes, and we definitely recommend that you do. Most sites that accept FIDO2 and U2F allow you to register more than one key. This gives you better flexibility should you lose a key.
With the right data standard, USB-C is much faster and more versatile than USB-A. In time, you can expect USB-C connections to replace all older USB-A connections and other ports. This switchover will, however, probably take years.
For now, USB-A tends to show up alongside USB-C in many computers, primarily due to compatibility issues. People still have older smartphones, beloved controllers, receivers, TVs, keyboards, and all manner of peripherals that require a USB-A/B connection.
We're an India based ecommerce site for all major security keys and tokens available. Our objective is to provide the buyer as much variety and affordability in purchasing the security tokens.
With our tie-up with Paytm, through which we also accept all major credit/debit cards, netbanking, and UPI payment options.
We have delivery tie-ups with the best courier companies and try our best to ensure timely delivery. Yet due to the current situation there may be a delay in some cases, for any extended delays in delivery, you can contact support@thesecuritykey.com
There is limited support needed for the use of these products, yet if there is any support related query you may have, kindly contact us support@thesecuritykey.com.
Currently we don’t accept any returns or refunds.
There is a standard warranty of 1 year for most of the products, unless specified otherwise. Warranty is against standard manufacturing defects and does not cover physically damaged products.