I’ve been eyeing the Apex Flex for a while and since my workplace has begun rolling out hardware security keys it’s got me wondering about the FIDO2 capabilities of the Apex. I would have the ability to enroll the Apex, so not like I’m trying to clone a security key.
In my dream world, I would have a reader connected to my work machine, then when the browser prompts for the hardware key, I would be able to scan the Apex against the reader and complete the login flow. Is this something that’s currently/near future possible, or am I living in a dream world?
Nice! So the challenge is in finding a supported USB NFC reader and crossing my fingers it works with my browser. I might pick up one of the NFC Yubikeys to test with.
We have both a FIDO U2F and FIDO2 applet, however the FIDO2 applet is beta and not ready for real use outside of testing. I use the U2F applet in my right arm for legit things and on some sites I’ve been able to register the FIDO2 applet in my left arm, but on some sites it doesn’t work, and more recently I’ve had problems with it altogether.
Also, FYI, almost everything that supports FIDO supports legacy U2F… only a few specific things actually require FIDO2.
I’d get an ACR1252U from ACS… but any PC/SC compliant reader should work. I use one attached to my desktop workstation and I’m beepin and bumpin my U2F into GitHub, Twitter, etc. It’s super great.
Is it compatible with Microsoft yet? Or is that still in the works?
This would probably be my main use case… to replace my Yubikey… so when either Gmail or Microsoft Azure asks me to press the Yubikey, would be nice to scan an implant.
Also, FYI, almost everything that supports FIDO supports legacy U2F… only a few specific things actually require FIDO2.
Yeah, fair - I don’t think I NEED FIDO2, pretty sure U2F is supported by our applications at work. Hopefully by the time FIDO2 is a requirement the applet will be out of beta.
I’d get an ACR1252U from ACS… but any PC/SC compliant reader should work
Thanks for the recommendation! Looks like I can pick one up for around $100 on eBay so I’ll probably go that route. Any idea what the Linux support is like? Linux is my daily driver outside of work, would be rad if it worked with both.
I use one attached to my desktop workstation and I’m beepin and bumpin my U2F into GitHub, Twitter, etc. It’s super great.
Well… what do you mean specifically? Windows Hello requires FIDO2 with some optional extensions enabled, and full certification from the FIDO Alliance. I think Azure can work with U2F but I don’t know if it works uncertified or if it also needs certification.
The nice thing is most security key services allow registration of multiple keys so testing is easy enough.