Question about FIDO2 capabilities of Apex Flex

Howdy all,

I’ve been eyeing the Apex Flex for a while and since my workplace has begun rolling out hardware security keys it’s got me wondering about the FIDO2 capabilities of the Apex. I would have the ability to enroll the Apex, so not like I’m trying to clone a security key.

In my dream world, I would have a reader connected to my work machine, then when the browser prompts for the hardware key, I wold be able to scan the Apex against the reader and complete the login flow. Is this something that’s currently/near future possible, or am I living in a dream world?

That is how nfc u2f keys work. Same as using a yubikey with nfc. But OS and browser support is a bit all over the place in terms of nfc.

1 Like

Nice! So the challenge is in finding a supported USB NFC reader and crossing my fingers it works with my browser. I might pick up one of the NFC Yubikeys to test with

We have both a FIDO U2F and FIDO2 applet, however the FIDO2 applet is beta and not ready for real use outside of testing. I use the U2F applet in my right arm for legit things and on some sites I’ve been able to register the FIDO2 applet in my left arm, but on some sites it doesn’t work, and more recently I’ve had problems with it all together.

Also, FYI, almost everything that supports FIDO supports legacy U2F… only a few specific things actually requires FIDO2.

I’d get an ACR1252U from ACS… but any PC/SC compliant reader should work. I use one attached to my desktop workstation and I’m beepin and bumpin my U2F into github, twitter, etc. it’s super great.

Is it compatible with Microsoft yet? Or is that still in the works?

This would probably be my main use case… to replace my Yubikey… so when either Gmail or Microsoft Azure asks me to press the Yubikey, would be nice to scan an implant.

1 Like

Also, FYI, almost everything that supports FIDO supports legacy U2F… only a few specific things actually requires FIDO2.

Yeah, fair - I don’t think I NEED FIDO2, pretty sure U2F is supported by our applications at work. Hopefully by the time FIDO2 is a requirement the applet will be out of beta.

I’d get an ACR1252U from ACS… but any PC/SC compliant reader should work

Thanks for the recommendation! Looks like I can pick one up for around $100 on eBay so I’ll probably go that route. Any idea what the Linux support is like? Linux is my daily drive outside of work, would be rad if it worked with both.

I use one attached to my desktop workstation and I’m beepin and bumpin my U2F into github, twitter, etc. it’s super great.

This is the dream!

Well… what do you mean specifically? Windows Hello requires fido2 with some optional extensions enabled, and full certification from the fido alliance. I think azure can work with u2f but I don’t know if it works uncertified or if it also needs certification.

The nice thing is most security key services allow registration of multiple keys so testing is easy enough.

Was just wondering if VivoKey was planning on eventually becoming a Microsoft-compatible FIDO2 security key vendor, so that I could use a VivoKey product to log into Azure AD in the future.

Basically what is posted here, but with VivoKey Products… :slightly_smiling_face:

Ah yep that’s on our roadmap. Requires a lot of faffing around to certify and then apply… but we want to do that

4 Likes