Everyone hates passwords. They are (unfortunately) a necessary evil in the world of information security. I’m here to tell you that passwordless is no longer a thing of the future (like flying cars). You can use passwordless authentication in Azure AD as your default sign-in. Microsoft has made great strides in this area in the last couple of years.
One of my favorite ways to implement passwordless authentication is using FIDO2 security keys. There are several use cases where this is a great way to implement MFA. Some users are not allowed to use a smartphone in their area (like a clean room or a SCIF). Also, believe it or not, there are people who do not have smartphones either by choice or they can’t afford it. FIDO2 security keys are also hack-resistant against the MFA-bypass method EvilGinx2. I did a podcast episode a couple of months ago on EvilGinx.
I’ve always like Feitian’s FIDO security keys. They were one of the first on the market to use biometrics in their keys. I purchased two of the K27’s a couple years ago and they have worked flawlessly.
Recently, they’ve updated their product line and there are a bunch of new models. Feitian sent me a couple to test.
The K26 is an updated model from the K27 that uses USB 3.0 instead of USB 2.0. The K9 is great because it uses USB 2.0 and has NFC capability. The K44 is really neat with both USB 3.0 and an Apple Lightning connector built in for authentication on an iOS device. The K28 is nice because sometimes having a USB device sticking out of your machine is just asking for someone to walk by and accidentally break it off.
On Windows, there’s an app in the Windows Store called BioPass FIDO2 Manager that you use to manage the PIN and fingerprints on the security key. You can get their Mac client by going to their support page. On iOS, there’s the iePassManager app that you can use to manage the PIN right from the iOS device.
Overall, I’ve been very happy with the Feitian FIDO2 devices. My personal pair of K27’s have lasted me over 2 years without an issues and I really like how Feitian has diversified their product line to include NFC, USB 3.0, and even Lightning connectors. If you’re in the market for some FIDO2 security keys, definitely give them a try!