Will Apex Flex work with windows as a security key?

Hello everyone,

I always wanted a Yubikey but never got one for the fear of losing it.

Is the Apex Flex capable of 2FA with Windows and email logins?

Cheers

With the FIDO applet installed, it is capable… however to be able to use it for local Windows computer authentication (log into Windows) you will need some 3rd party software… or… drink the Microsoft koolaid.

Microsoft has limited the ability to use security keys or tokens to log into Windows to Windows Pro systems that are attached to a domain (active directory) or Azure AD (cloud directory, possibly now called Entra ID because why not change it). I think they did this because they have some stupid ideas about 1) home users not having any interest in higher level security, and 2) they can make business types pay for higher level security.

1 Like

Any updates on an applet which would allow users to log in to local windows accounts using their apex with Computer Login Security Tools | YubiKeys | Yubico ?

Interesting. Is this somewhere on their github? If so, we might be able to use it as a basis for a VivoKey solution.

1 Like

Cheers!

Can you use the same chip for multiple applets?

Yes

There is a list in the fidesmo store, give me a bit and I’ll take a screenshot for you.

Like any other device, You are limited to the capacity as to how many you can install, but it will fit most of the list.
The biggest size determining factor is if/what you choose for NDEF data

What I have on mine currently (TAP IMAGE TO OPEN FULLY, there are 9 applets)

How much space I have remaining

Remaining apps I can add

3 Likes

The local authentication provider Yubico provides uses HMAC-SHA1. See https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide . Security of their authentication provider is kind of questionable as they implement a wrapped authentication provider (GitHub - Yubico/yubico-windows-auth: YubiKey Logon for windows , Credential Providers in Windows - Win32 apps | Microsoft Learn ). In addition, the Yubikey is only used as a second factor, the user still has to enter their password.

1 Like

Thank you!

1 Like

Is there a way to get this functionality on Linux? Or should I just keep using KBR1 with NExT?

You mean something like Rohos???

And for windows peeps

Rohos is also pretty insecure… it only supports Fido for USB inserted keys and everything else is UID only… also you must enter your account password which is saved and then simply provides to the password credential provider module.

1 Like

pam_u2f allows secure login on Linux.

4 Likes

Do I need an Android phone to use the Apex?

When trying to enable FIDO2 in fidesmo, I says that I dont have memory although I have nothing installed. The Vivo app on iOS keep trying to connect to server without avail.


iOS has problems deploying applications sometimes. Try deploying a small application like free memory first.

The VivoKey app itself is not what you’d use at this point… it is fully depreciated. There is a coming VivoKey app called Apex Manager which can be used to interact with the Apex to do things like read available memory etc.