I wonder, are there any working SSH clients on iOS that can handle ed255519_sk keys?

(That’s the variant where you have a public and private key part however the private key links to a residential key on an external FIDO2 security token. You plug in the token or use NFC, enter the pin and confirm with a touch)

#ssh #fido2 #token2 #iOS #ed25519

I am working on the upcoming security key reviews, including a review of Token2's biometric key, Token2 PIN+Bio3, for a future video.

I know many of you view biometrics as a convenience (or a privacy risk), I want to give Token2 praise for the Bio3.

For users with tremors, Parkinson’s, or cerebral palsy, typing a 20+ character passphrase without a typo can be a physical barrier to security.

A fingerprint sensor isn't lazy, for many it is the only accessible way to be secure.

#Token2 #Accessibility #Security #FIDO2 #Privacy #TerminalTilt #GNULinux #GNU #Linux #FOSS #OpenSource

To contrast Paypal with Cloudflare, this is how you do it correctly.

I was able to enroll all three of my hardware keys ( @nitrokey , @yubico , and Token2) without issue. No one key limits and no being forced into software backups.

When a platform actually respects FIDO2 as a standard, you can have true hardware redundancy.

Of course, I will mention all of this in my upcoming security key series.

#CyberSecurity #FIDO2 #Nitrokey #YubiKey #Token2 #Hardening #TerminalTilt #Cloudflare #Privacy #Security

Is it 2026 or 2006? I just went to harden my PayPal account with my new review units.

Turns out, PayPal still only supports one physical security key. No backups allowed. If you want redundancy, they force you back to TOTP apps or (worse) SMS.

#CyberSecurity #FIDO2 #Yubico #Nitrokey #Privacy #Security #TerminalTilt #FinTechFail #Token2 #Banking #Money

@pink @nitrokey @yubico

UPDATE #2: The Trifecta is Complete!

I’m thrilled to announce that Token2 is joining the upcoming security series!

I am aligning the Token2 review with their core mission: The death of legacy TOTP.

While many users still rely on codes, Token2 is pushing for a 100% phishing resistant future. We will be focusing exclusively on their Open Source, publicly audited FIDO2 stack. This is a massive win for the #FOSS community. Hardware that is both auditable and explicitly designed to move us past insecure, legacy protocols.

The Comparison is now set:

Yubico: The Industry Giant (Closed Source).

Nitrokey: The Open Hardware Veteran.

Token2: The Audited Open FIDO2 Specialist.

Thank you for the boosts! :tux:

#FOSS #CyberSecurity #Token2 #Yubico #NitroKey #Linux #TechReview #Transparency #TerminalTilt

Finally finished the #Framework expansion card design for the #Token2 FIDO2 security key.

https://blog.tinned-software.net/framework-expansion-card-for-token2-t2f2-security-key/

Oh wie schön, die Deutsche Telekom #dtag bietet beim Login gleich das Hinzufügen eines #Passkey an.

Leider ist mein Gerät nicht für Passkeys geeignet, ich kann also weder einen #Yubikey, #Token2 oder #Thetis via #Firefox oder #Chrome ausrollen.

Da muss man sich in der Implementierung schon richtig Mühe geben, um Hardware-Passkeys auszuschließen.

#Passfail

When setting up a new hardware key, this feels very insecure. I’m entering the new PIN for it into my browser of all things… What is the recommended way to set a PIN on a #YubiKey and #Token2 using a Mac or Linux machine?

Pünktlich zum #39C3 habe ich mein #Hardwaretoken #Howto erweitert um
#OpenSSH #Authentifizierung.

Ich zeige wie man sich an #SSH Servern einloggen kann mittels #FIDO2 Device Bound #Passkeys à la #Yubikey, #Nitrokey, #Token2 #Thetis etc.

Damit liegt der geheime Schlüssel im Passkey-Token und kann nicht ohne weiteres ausgelesen werden.

Außerdem zeige ich noch wie man einen 2. externen OpenSSH-Server nur für die Hardwaretoken konfiguriert.

Viel Spaß am Gerät

https://www.cryptomancer.de/posts/20251225-opensshfido2/

#Passkeys are everywhere nowadays
#windowshello #fido2 #androidpasskeys #token2

I myself switch to passkeys for any supported service. Have a look here if your services are supported: https://www.passkeys.io/who-supports-passkeys

Understanding why they're more secure and why they are able to be used in so many different shapes is not as easy.

Computerphile just released a greate video about the technology and the authentic flow:
https://www.youtube.com/watch?v=xYfiOnufBSk

Ich habe eine kurze bebilderte Anleitung geschrieben wie man mit #Kleopatra und #GnuPG #OpenPGP Schlüssel direkt auf #Smartcards wie #Yubikey #Token2 oder #Nitrokey erstellt

https://cryptomancer.de/posts/20251207-openpgp-smartcards/

Upgraded from iPhone 12 Pro Max to an iPhone 17. What I do like is the USB-C port. Now my #Token2 #Passkeys fit directly into the phone (yes, would have worked via NFC too, but that always felt a little quirky). Briefly enabled Apple Intelligence. What a complete trainwreck. Deinstalled after 5 minutes again.

Durch den #CLT2025 Talk zu Passwortlose Logins mit #PassKeys https://media.ccc.de/v/clt25-188-passwortlose-logins-mit-passkeys bin ich auf die #Token2 PIN+ #Securitykeys aufmerksam geworden https://token2.com/shop/category/pin-plus-series
Die DualPort Keys sind wohl sehr nützlich, haben 300 Resident Keys, kommen mit Hülle und kosten nur 26€.
Zur Wasserfestigkeit finde ich leider nichts.
Würde mich über Erfahrungsberichte freuen.
#FIDO2

Has anyone tested (intentional or not) whether the #token2 PIN+ Dual Release3.3 is water proof?

@kkarhan @Wrewdison @nitrokey

Is it worth mentioning #Token2 as a FOSS #yubikey alternative too?

https://www.token2.net/site/page/compass-security-schweiz-ag-completes-independent-public-security-review-of-token2-pin-fido2-security-keys

#FOSS #hardwareKey #2FA #openSource #FIDO

Switching from #Nitrokey Pro 2 with rsa2048 key to #Token2 with ed25519 key means switching from rebasing <2 commits a second to an almost instant rebases.

#Gentoo #git #OpenPGP

mist... hab den Pin meines #Token2 Sticks vergessen und sicherheitshalber auch nicht aufgeschrieben ​:awesome:​

Zum Glück hab ich aber fast bei jedem Account, wo ich sonst noch mit #Fido2 angemeldet bin noch zwei weitere Sticks aktiv.

​:ablobsmile:​

@EricAlper
I have so much time for cheap [more] ethical diamonds.
https://www.zeeman.com/nl-nl/campagnes/diamant
I wonder how small a NFC FIDO2 2FA chip could be shrunk for a necklace? Would look natty.
https://www.token2.com/shop/product/t2f2-pin-release3-typec
#diamond #diamonds #token2 #zeeman #jewellery #art #infosec

Just got my Token2 miniOTP-3-i in the mail. Quite a nice device for people who don’t want to store a particular OTP seed on their phone/pc.

It’s programmed via NFC, with an Android or iOS App: the App will read the QRcode during registration and push («burn») the OTP seed onto the miniOTP card. You can also manually input the seed into the App.
The card can store only one OTP seed.

The display is easy to read, the card is really small and barely thicker than a credit card.

Despite the nice user experience so far, I am really disappointed about the refresh of the code: when the OTP expires, you have absolutely no way to know. The device will not refresh the 6 digits code, you have to turn off and on again the card to refresh the OTP. The default setting turns off the display after 15 seconds, so you can’t have an OTP older than ~ 45 seconds (assuming you press the button in the second before the current OTP expires). As most TOTP verifiers will accept the N-1 OTP it’s not a very big deal. But if your are in a more stringent context where only the current OTP is valid, don’t buy this token.

#TOTP #token2 #miniOTP #MFA #2FA

I didn't buy that Token2 model because of its NFC capability and USB-C connector, but because it's the cheapest #FIDO2 token supporting Ed25519-SK. I did try out using it with my #Fairphone 3 running /e/OS with #MicroG, and it worked fine.

The silicon case I ordered along with the #Token2 key is unfortunately a bit too thick and thereby prevents the key's USB-C connector from being inserted properly into the FP3 if it's wearing its rubber case as well, which makes NFC a bit tricky too.