Apex Flex FIDO Setup - Going Passwordless

Hello,

I’ve had the Apex Flex for a few months now and it’s neat. I’ve successfully setup a FIDO key for 2FA logins and could only get them to work with Facebook and Google, which is cool. I’m interested in going passwordless, is that only with FIDO2, if so, do you configure it the same way as I did with 2FA on these sites? I understand that FIDO2 is still in Beta on the flex, but I wanna start playing around.

Also, I saw that you can use your Vivokey to authenticate to log into the forum here within browser, but it flashes red when I scan my Apex. Does this not work with that specific implant and only on the old Spark Vivokey?

Thanks! This is my first post here and I look forward to all the awesomeness :slight_smile:

1 Like

So when you installed Fido you chose Fido2?

It sounds like you are all over this.
Im sure you read the following

Vivokey offers two FIDO Security deployment
options to enable your VivoKey Apex implant or
vearable as a FIDO2 or FIDO U2F authenticatior
token. Our FIDO2 app is still in BETA and should
not be used for anything but testing purposes
Installation of a FIDO app and the VivoKey
attestation certificate will take a considerable
amount of time.

But if you havent seen these, they might be of interest to you

First one has some good info
(Ignore the fact that it says FlexSecure, Its basically the same chip as the ApexFlex, but untethered.)

https://forum.dangerousthings.com/t/applets-universal-two-factor-authentication-using-fido/15952

And especially this one as you seem interested in testing and capable of doing so

Mine is setup for my Spark, I have not tried with my Apex

There is some development/revamp in the Spark area, I dont have the full details, but I BELIEVE The Sparks will benefit from the Apex and be more functional, but it will be limited, as there are limitations with the Spark chip itself, but I GUESS the Apex will get some backward compatibility also.

Of course, I could just be talking through a hole in my arse, so basically, if you cant get it to work just now, I would suggest you wait and see what comes of tge Spark revamp…

1 Like

Thanks for the response. That link you dropped says it doesn’t exist when I click on it.
https://forum.dangerousthings.com/t/applets-universal-two-factor-authentication-using-fido/15952

Yeah, I’m running FIDO not FIDO2, cuz I shied away from the beta, but maybe I should experiment with it some.

Do you know what’s the difference between the Apex and FlexSecure? What do you mean by untethered?

Works for me? Try again?

When it comes to Fido and passwordless authentication, it can get a little confusing.

First there was U2F or universal two factor. It allowed a security token to be used along with a password to authenticate.

Next came fido2 which enabled passwordless authentication, but can also support U2F fall back if that feature is implemented in the security key. Our application for Apex supports fallback.

Many sites that have implemented Fido still only support U2F for two factor. Some supported fido2 properly, but only very few.

Then came passkeys, and the implementation of them has started a race to completely own your identity by the big tech firms. What was designed to give you autonomous security is being corraled. Besides a confusing change of terms (fido2 vs passkeys) and complicated support for security keys vs phone based passkey authentication, there is evidence that companies that want your passkey stored on their platform are actually purposely making it much more difficult to use a traditional security key for fido2.

Case in point, if you want to register a security key for your Google account, it is now hidden under other options. Passkey is now being heavily promoted over token solutions.

4 Likes

Apologies, Thats my bad.

Only visible to the Admins and the author

Its a locked thread, as it may be a work in progress.

It might still be getting worked on, and I’m sure will be made public when it is completed, as a lot of work has gone into it

move-along-nothing-to-see-here (1)

Oh yeah I think the content is actually moved to the GitHub repo instead. Seems appropriate the documentation stay with the code.

1 Like

Here you go

2 Likes

The FIDO2 applets includes all the old U2F functionality and supersedes the U2F applet. It is backwards-compatible to services using the U2F standard. I recommend going with the FIDO2 applet, this gives you the maximum compatibility.

3 Likes

Awesome! I went ahead and upgraded to FIDO2, but I was out of room so I had to delete a few things. When I did I noticed there wasn’t an option to reinstall the BIP32 Wallet. I don’t use it, but it’s just strange that it’s no longer an option. Any ideas what might be going on? It’s not a big deal, I’m more curious.

Thanks for your input with FIDO2!

1 Like

Fidesmo is adjusting a lot of the recipes for applet deployment so I’ll resubmit to ensure it’s an option again soon.

It appears that Fidesmo is going through some unexpected issues with their platform which is blocking deployment of some applets. They have been made aware and they are working on it.

1 Like

Is manual deployment still possible?
Using the codes you posted (quoted below)

So I started playing with my implant since the swelling went down and it’s not hurting. I was testing out the applets installs again and still can’t install fido2…it at least tries now but still failes saying not enough space even when nothing is installed. Since on iPhone and don’t have apex manager app yet I started playing with the yubikey Authenticator which works great for otp codes. Any other substitute apps that I can play with for now? I also have a flipper can that be used to write to these in anyway?

I’ll test on my shiny new used iPhone SE purchase and contact Fidesmo with log data

I have the log data from mine if that will help too. Copied it so I could look at it as I’m the curious type lol

Cool could you post it? It should contain nothing of concern with regard to privacy. If you’d rather though, you can DM me with it.

those super long posts are not fun to scroll past; im going to collapse them for you using this

Actually I’ve asked them to just post the data as a text file upload.

I deleted the posts and sent the text file. Sorry bout that guys wasn’t thinking earlier

How many FIDO2 residential keys can Apex Flex hold? Is the number different for FlexSecure? Can the RKs just fill the available storage or is there some kind of per-applet allocation going on?

With the push towards passkeys these implants are looking more and more interesting to me.

Some context: Firstyear's blog-a-log

1 Like