uTrust FIDO2 Security Keys

Part No: 905601, 905601-1, 905602, 905602-2

Identiv’s uTrust FIDO2 Security Keys are assembled in the U.S.A. and provide a simple, strong authentication experience that eliminates the need for passwords.

Downloads


Description Version Date
Mac Drivers v5.0.41 August 2021 Download

Frequently Asked Questions

Please contact sales@identiv.com with additional questions and they will be added to the FAQs.

FIDO (Fast Identity Online) is a set of standards and specifications developed by the FIDO Alliance to provide a solution to replace the traditional password authentication scheme. FIDO Security Keys are hardware based secure tokens that support the FIDO specification to secure web service accounts.
Traditional Password authentication schemes have some security and usability issues. Using simple passwords across multiple sites will create security risks such as phishing and MITM (man in the middle) attacks. Using complex passwords can also bring usability issues and cause frequent password resets. FIDO Security Keys utilize public key cryptography (PKC) to provide a secure authentication scheme to online accounts. The security key will create a new set of access key pairs to enhance the security.
Our key will secure a minimum of 256 FIDO/FIDO2 accounts. This number can vary if also using the OTP or PIV functionality on the key as the secured data can vary in size.
A general overview for securing most FIDO/u2f and FIDO2 accounts/applications has you log into the account/application using your current method (typically, username and password). Then proceed to account settings/security. You then would select multi-factor authentication and choose set-up security keys. Applications have varying steps. You can find more application specific instructions by clicking on the “view docs” button on our Works with uTrust FIDO page.
Best practice is to have at least two keys. One key as a primary key and the second key as a backup key, so that you are not locked out of the accounts you set up.
The keys will work with macOS devices. You just need to confirm that you have the right connector (USB A, C or NFC) on your device. You also need to ensure that the application you are using is a FIDO/u2f or FIDO2 certified application.
No. Neither option is necessary as one key will work with multiple applications as long as they are FIDO/u2f or FIDO2 certified applications. You can also use one key on multiple devices as long as the connectivity is available (USB A, USB C or NFC) depending on the model key you are using. Best practice is to have at least two keys. One key as a primary key and the second key as a backup key so that you are not locked out of the accounts you set up.
You do not register the key with Identiv. You will register the key for use with your Bank of America application, or any other FIDO compatible application (i.e., Google Suites, Microsoft Accounts, Salesforce…). Here is a link to get you started https://www.bankofamerica.com/security-center/online-mobile-banking-privacy/usb-security-key/ Below are some instructions I have outlined as well. Please note that this is for BofA.com and may be slightly different if you are outside the US. To register your key with Bank of America:
  • Log into your BofA account on the website
  • Go to Profile & Settings > Security Center
  • Scroll to and select “Enhance your two-factor authentication” and make sure this is turned “On”
  • Scroll down to “Increase your device security” and find “Additional security features” and click on “Review”
  • You will see “USB Security Key” and click on “Add or Edit”
From here please follow the instructions as you may have to contact Bank of America to obtain a security code to add/remove keys. Bank of America is the only application where I have seen that you must contact a provider directly to register the key here in the U.S. Typically, this is an automated process.
This typically depends on the account/application you are using. Best practice is to have at least two keys. One key as a primary key and the second key as a backup key so you are not locked out of the accounts you set up. Some accounts/applications have a series of emergency one-time access codes that you can store somewhere safely. Other accounts/applications offer authentication through a series of steps to validate that you are you.
The Safari browser supports webauthn and FIDO2, so it will work with any iPhone using NFC. Most of the newer iPhones have NFC connectivity.
Yes, the uTrust FIDO2 keys are compatible with Microsoft Azure and can be found on the Azure support website here.
Yes, uTrust FIDO2 Security keys will work with Apple ID to provide extra protection against phishing attacks. You can use it with USB A, USB C or NFC connectivity depending on your device compatibility.
No. Identiv is an U.S. company and the keys are Trusted American Act (TAA) compliant.
The uTrust FIDO2 keys are not waterproof; however, they are water resistant. If the key is exposed to moisture, you need to make sure the key is thoroughly dry before continuing to use it. Extra caution should be taken with the USB Type-C model because the connector has a hollow middle that can hold in moisture.
When you register the key with an application for the first time you set a PIN. This makes it 2-factor, the key being one factor of something you have, and the PIN being a second factor of something you know.
No, you have the option to add and remove keys to your accounts/applications at any time.
No, the keys do not need to be configured with the uTrust Key Manager before they are used. For new keys, FIDO applications will typically ask that you set your PIN first before proceeding.
Yes. We have macOS support for the uTrust FIDO2 Security Key Manager on our roadmap. It is anticipated to be available in the second half of 2023.
Supported browser: Edge - Windows - FIDO2 Chrome - (Windows / Mac / Linux) - FIDO2 & U2F Firefox - (Windows / Mac / Linux) - FIDO2 & U2F Opera - (Windows / Mac / Linux) - FIDO2 & U2F Safari - MacOS/iOS - FIDO2 & U2F
Yes, as long as your Chrome OS is up to date, you are using a supported browser, and your Chromebook has a USB slot.
Not for FIDO registration. Users self register FIDO keys with each service and can use the same key for multiple services. You can pre-configure user PIV certificates if you so chose.
Based on free, open standards from the FIDO Alliance, Fast IDentity Online (FIDO) authentication enables password-only logins to be replaced with secure, fast login experiences across websites and apps. This is accomplished by using standard public-key cryptography to provide strong authentication and leave zero data at rest.
FIDO U2F is an open standard that provides added security and simplifies Universal 2-Factor (U2F) authentication.
FIDO2 is the term for FIDO Alliance’s newest set of specifications. FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).
The FIDO Alliance publicly launched early in 2013 with six member companies. Since then, the Alliance has grown to include over 250 members worldwide. Please see the member list here.
During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user inserting a uTrust FIDO2 Security Key or pressing the NFC button on the security key.
The FIDO Alliance developed its FIDO2 specifications with the W3C to enable FIDO authentication capabilities to be built into a wider array of devices, platforms, and web browsers. FIDO2 is currently supported in Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari (MacOS) web browsers, as well as Windows 10 and Android platforms.
A security key is a physical device that you can use instead of your username and password to authenticate to FIDO-compatible applications. Since it is used in addition to a PIN, even if someone has your security key, they will not be able to sign in without the PIN that you registered on the key.
Yes. uTrust FIDO2 Security Keys support FIDO U2F and FIDO2. We can also support PIV and TOTP/HOTP protocols.
See the list of applications that work with uTrust FIDO2 Security Keys and be sure to check back as we are continually adding applications to the list.
Yes. All uTrust FIDO2 Security Keys support both USB (contact) and NFC (contactless) authentication.
FIDO takes a “lightweight” approach to asymmetric public-key cryptography, which offers service providers a way to extend the security benefits of public-key cryptography to a wider array of applications, domains and devices — especially where traditional PKI has proven difficult or impossible. FIDO is not a replacement for PKI but rather complements it, enabling a greater number of users and applications to be protected using asymmetric encryption. This is especially important in situations where the alternative has been username and password.
No. FIDO Alliance only specifies standards for strong authentication and tests implementations for compliance to those standards; the Alliance does not provide services or equip devices or sites. Device manufacturers, online service providers, enterprises, and developers use the FIDO specifications to build products, provide services, and enable sites and browsers with FIDO authentication. Under FIDO specifications, the user’s credentials must remain on the user’s device and they are never shared with a provider or service.
No. This type of information exchange is prevented with FIDO authentication. Each device/website pairing requires separate registration and a separate cryptographic key pair. Once registered, a user can easily authenticate to multiple sites from the same device, yet each site has no knowledge of the user interactions with other sites. FIDO does not introduce any new tracking mechanism that could be used to correlate user activity online.
Unlike current password-based authentication models that have proven vulnerable to mass-scale attacks and fraud, FIDO authentication credentials are never shared or stored in centralized databases. FIDO credentials are known and maintained only by the user’s own device. All that is ever stored by the service provider are the public keys paired to the user’s device where the private keys are stored. This security model eliminates the risks of phishing, all forms of password theft, and replay attacks. A would-be attacker would need the user’s physical device to even attempt a hack (see below for more information). The password ecosystem has afforded attackers with great return on investment with relatively limited risk; the FIDO ecosystem is far more difficult, expensive, and risky for attackers to profit from.
No. In order to break into an account, the criminal would need not only the user’s device that was registered as a FIDO authenticator to the account but also the ability to defeat the user identification challenge used by the authenticator to protect the private keys, such as a username and PIN or a biometric. This makes it extremely difficult to break into a FIDO-enabled account.
If you have already purchased a uTrust FIDO2 Security Key, setting up and using your new security key for web-based FIDO2 authentication is as easy as 1-2-3. Get Started