yes, that is for "usernameless" login, in addition to passwordless. Does not increase security, improves usability a bit
Sorry I was not clear. Cards have NFC in any case. What is missing in cards is USB
JavaCardOS can run in a USB-form factor as well. But that will not be 5USD. https://usasmartcard.com/usb-token/?page=1 In addition to FIDO2, you can add java applet for OpenPGP (also open source), TOTP…
Not $1, but you can get a JavaCardOS card and upload a FIDO applet yourself https://github.com/token2/pin_plus_firmware https://github.com/BryanJacobs/FIDO2Applet Probably will cost 5USD
There are systems supporting WebAuthn as the primary method, such as Gmail or M365. The systems requiring OTP or SMS as a backup are just examples of bad security design. Still, even if you have OTP as a backup, and…
Factory-programmed ones are for systems supporting secret key import, i.e. Microsoft Entra ID . It is not for replacing your Authenticator apps (although based on the same algorithm, TOTP).
FIDO2 Security keys should be considered good "hardware tokens" now , more phishing-resistant than TOTP
Small clarification: SSH functionality is a part of FIDO stack (if you meant ecdsa-sk & ed25519-sk )
There are fido2.1 keys with 300 resident key storage : https://www.token2.com/shop/category/pin-release2-series
In case anyone is looking for a desktop app to replace Authy, the authy-migration tool from token2 supports exporting TOTP seeds in WinAuth compatible format (use .wa.txt for export file name). Then in WinAuth…
An offtopic - since you mentioned hardware. It is better to invest in phishing-resistant FIDO2 devices and try to avoid OTP wherever possible.
ssh and pgp keys are not based on the similar functionality. the keys from Token2 support *-sk key storage https://www.token2.com/site/page/using-token2-fido2-security... But not PGP
yes, that is for "usernameless" login, in addition to passwordless. Does not increase security, improves usability a bit
Sorry I was not clear. Cards have NFC in any case. What is missing in cards is USB
JavaCardOS can run in a USB-form factor as well. But that will not be 5USD. https://usasmartcard.com/usb-token/?page=1 In addition to FIDO2, you can add java applet for OpenPGP (also open source), TOTP…
Not $1, but you can get a JavaCardOS card and upload a FIDO applet yourself https://github.com/token2/pin_plus_firmware https://github.com/BryanJacobs/FIDO2Applet Probably will cost 5USD
There are systems supporting WebAuthn as the primary method, such as Gmail or M365. The systems requiring OTP or SMS as a backup are just examples of bad security design. Still, even if you have OTP as a backup, and…
Factory-programmed ones are for systems supporting secret key import, i.e. Microsoft Entra ID . It is not for replacing your Authenticator apps (although based on the same algorithm, TOTP).
FIDO2 Security keys should be considered good "hardware tokens" now , more phishing-resistant than TOTP
Small clarification: SSH functionality is a part of FIDO stack (if you meant ecdsa-sk & ed25519-sk )
There are fido2.1 keys with 300 resident key storage : https://www.token2.com/shop/category/pin-release2-series
In case anyone is looking for a desktop app to replace Authy, the authy-migration tool from token2 supports exporting TOTP seeds in WinAuth compatible format (use .wa.txt for export file name). Then in WinAuth…
An offtopic - since you mentioned hardware. It is better to invest in phishing-resistant FIDO2 devices and try to avoid OTP wherever possible.
ssh and pgp keys are not based on the similar functionality. the keys from Token2 support *-sk key storage https://www.token2.com/site/page/using-token2-fido2-security... But not PGP