Header banner
Revain logoHome Page
Nick Santos photo
Tanzania, Dodoma
1 Level
690 Review
31 Karma

Review on πŸ”‘ FEITIAN MultiPass K16 Security Key: FIDO U2F Two Factor Authenticator with Multiple Interfaces - USB-A, NFC, Bluetooth by Nick Santos

Revainrating 5 out of 5

Great option for FIDO authentication via USB, Bluetooth or NFC

Background: FIDO is an international alliance of companies that use two-factor authentication (2FA) with a proven secure method of creating of a public/private key pair for any website that supports FIDO authentication. This means that once you set up 2FA on this site using a security key or FIDO token, this FIDO device is required along with your regular username and password to log into the site. Each website is given its own unique cryptographic key pair, so no one can use information from one website to access another website. Google was one of the first developers and supporters of this initiative. Initially, Google supported FIDO keys for "two-step verification" login, and it also included backup authentication methods (like a printed list of one-time PINs or a text message to a smartphone). This method is still available. Google recently added a second, more secure option called Advanced Protection Program. This program allows you (or anyone else) to log into your Google Account *only* with a FIDO key or token. At least two keys are required for this. So if you lose or destroy one of the keys, you still have the other. Without the keys, you would have to ask Google for a workaround, which will only be provided after a few days and a few user verification steps. This Feitian FIDO dongle is unique (at least for now) in that it supports a traditional USB app that emulates a standard USB keyboard (a "Human Interface Device" or HID) and supports both NFC (for Android devices with NFC tag reader) as well as includes Bluetooth Low Energy (BLE) for Apple and other devices. Not only can this key be attached in three ways, but it also performs exactly the same function as other FIDO keys, such as e.g. B. the FIDO YubiKey product family. There were several reviews complaining about the packaging and wondering if it was safe. First, even if someone gets your key, there is absolutely nothing they can do with it to access your websites or personal information. The keys are useless until paired with each company's website. There is nothing to hack here, nothing can be changed and there is no risk. Secondly, this is a very new product and the original shipping/packaging material may have been temporarily defective. The unit I received today was well packaged, like a typical Revain "frustration free" product. It was packaged in a small brown cardboard box with a paper seal and a sliding envelope. Included in the box is a dongle (in a cut-out foam sleeve), a short USB-A to Micro-USB cable, and pairing instructions. It was trivially easy to set up, and the bluetooth pairing and FIDO pairing worked on the first try I can't judge the strength of the dongle as it's just been received, but personally I wouldn't stick it straight to my keychain in my pocket, as it will likely turn off the device over time if attached to the keychain Using the second ring to pull the keys out and allow more twisting motion would probably help, but if you need a nearly indestructible key, get one YubiKey.

Pros
  • Fingers crossed
Cons
  • I vaguely remember