uTrust FIDO2 Security Keys

Part No: 905601, 905601-1, 905602, 905602-2

Identiv’s uTrust FIDO2 Security Keys are assembled in the U.S.A. and provide a simple, strong authentication experience that eliminates the need for passwords.

Frequently Asked Questions

Please contact sales@identiv.com with additional questions and they will be added to the FAQs.

Based on free, open standards from the FIDO Alliance, Fast IDentity Online (FIDO) authentication enables password-only logins to be replaced with secure, fast login experiences across websites and apps. This is accomplished by using standard public-key cryptography to provide strong authentication and leave zero data at rest.
FIDO U2F is an open standard that provides added security and simplifies Universal 2-Factor (U2F) authentication.
FIDO2 is the term for FIDO Alliance’s newest set of specifications. FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).
The FIDO Alliance publicly launched early in 2013 with six member companies. Since then, the Alliance has grown to include over 250 members worldwide. Please see the member list here.
During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user inserting a uTrust FIDO2 Security Key or pressing the NFC button on the security key.
The FIDO Alliance developed its FIDO2 specifications with the W3C to enable FIDO authentication capabilities to be built into a wider array of devices, platforms, and web browsers. FIDO2 is currently supported in Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari (macOS) web browsers, as well as Windows 10 and Android platforms.
A security key is a physical device that you can use instead of your username and password to authenticate to FIDO-compatible applications. Since it is used in addition to a PIN, even if someone has your security key, they will not be able to sign in without the PIN that you registered on the key.
Yes. uTrust FIDO2 Security Keys support FIDO U2F and FIDO2. We can also support PIV and TOTP/HOTP protocols.
See the list of applications that work with uTrust FIDO2 Security Keys and be sure to check back as we are continually adding applications to the list.
Yes. All uTrust FIDO2 Security Keys support both USB (contact) and NFC (contactless) authentication.
FIDO takes a “lightweight” approach to asymmetric public-key cryptography, which offers service providers a way to extend the security benefits of public-key cryptography to a wider array of applications, domains and devices — especially where traditional PKI has proven difficult or impossible. FIDO is not a replacement for PKI but rather complements it, enabling a greater number of users and applications to be protected using asymmetric encryption. This is especially important in situations where the alternative has been username and password.
No. FIDO Alliance only specifies standards for strong authentication and tests implementations for compliance with those standards; the Alliance does not provide services or equip devices or sites. Device manufacturers, online service providers, enterprises, and developers use the FIDO specifications to build products, provide services, and enable sites and browsers with FIDO authentication. Under FIDO specifications, the user’s credentials must remain on the user’s device and they are never shared with a provider or service.
No. This type of information exchange is prevented with FIDO authentication. Each device/website pairing requires separate registration and a separate cryptographic key pair. Once registered, a user can easily authenticate to multiple sites from the same device, yet each site has no knowledge of the user interactions with other sites. FIDO does not introduce any new tracking mechanism that could be used to correlate user activity online.
Unlike current password-based authentication models that have proven vulnerable to mass-scale attacks and fraud, FIDO authentication credentials are never shared or stored in centralized databases. FIDO credentials are known and maintained only by the user’s own device. All that is ever stored by the service provider are the public keys paired to the user’s device where the private keys are stored. This security model eliminates the risks of phishing, all forms of password theft, and replay attacks. A would-be attacker would need the user’s physical device to even attempt a hack (see below for more information). The password ecosystem has afforded attackers a great return on investment with relatively limited risk; the FIDO ecosystem is far more difficult, expensive, and risky for attackers to profit from.
No. In order to break into an account, the criminal would need not only the user’s device that was registered as a FIDO authenticator to the account but also the ability to defeat the user identification challenge used by the authenticator to protect the private keys, such as a username and PIN or a biometric. This makes it extremely difficult to break into a FIDO-enabled account.
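
The registration and challenge-signing flow described in the answers above, together with the separate key pair per site, modeled in Node.js as an added example (not Identiv or FIDO Alliance code). It is a simplified model rather than the WebAuthn/CTAP message format; the class names, origins and user name are assumptions made for illustration.

```javascript
// Added illustration: a simplified model, not the WebAuthn/CTAP wire format.
const nodeCrypto = require('crypto');
// Data that gets signed: the origin the client sees plus the server challenge.
const signedData = (origin, challenge) => Buffer.concat([Buffer.from(origin + '\n'), challenge]);

// Authenticator: one key pair per site; private keys never leave this object.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    return key ? nodeCrypto.sign('sha256', signedData(origin, challenge), key) : null;
  }
}

// Relying party: stores only public keys and issues single-use challenges.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.users.get(user);
    this.pending.delete(user); // each challenge is good for one attempt
    if (!challenge || !pem || !signature) return false;
    return nodeCrypto.verify('sha256', signedData(this.origin, challenge), pem, signature);
  }
}

// Constructed scenario: the origins and user name are placeholders.
function demo() {
  const key = new Authenticator();
  const site = new RelyingParty('https://login.example.test');
  const other = new RelyingParty('https://other.example.test');
  site.enroll('alice', key.register(site.origin));
  other.enroll('alice', key.register(other.origin));
  const sig = key.sign(site.origin, site.newChallenge('alice'));
  const ok = site.verify('alice', sig);
  site.newChallenge('alice');
  const replay = site.verify('alice', sig); // old signature, fresh challenge
  const cross = site.verify('alice', key.sign(other.origin, site.newChallenge('alice')));
  return { ok, replay, cross, distinct: site.users.get('alice') !== other.users.get('alice') };
}
```

`demo()` reports a successful login, a rejected reuse of an earlier signature, a rejected signature made with the other site's credential, and that the two sites hold different public keys for the same user.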