Solo – Open-source FIDO2 security key

What processor parts will this be using?<p>A major benefit of the Yubikey U2F parts is that they&#x27;re almost indestructible. I&#x27;ve heard over and over again about how flimsy the Feitian parts are, and from people who have run over their Yubikeys with cars and still had them work. How resilient (in particular: waterproof) will these be?

I&#x27;ve spent some time building small open source USB devices, I went through a &quot;let&#x27;s just use the PCB to make the USB plug&quot; phase but frankly they&#x27;re not wonderfully reliable, I&#x27;m not a fan, and actual USB plugs are cheap and reliable (you do need to use one that has thru-hole lugs to be robust, not just surface mount which is an extra manufacturing step).<p>I just finished building my first USB-C (for standard USB) board board, it&#x27;s surprisingly easy, 2 extra resistors - pad tolerances are tight, but it&#x27;s not hard

If you could manage to modify Signal so it&#x27;s keys were stored on the security key, and the user had to tap each time they log in, that would be far more valuable than GPG.

&gt; It protects against phishing<p>Not so much. U2F proves only that the user tapped the device when asked to do so.<p>You still have to trust your browser and your entire desktop that the tap will be used to log in to the service you are browsing instead of e.g. quietly logging to your home banking.<p>To prevent &quot;tap hijacking&quot; we need a display on the U2F key to show the URL&#x2F;service you are really authenticating to.

I wonder where are they going to manufacture it, and what control and visibility will they have into their supply chains, both upstream and downstream?<p>Absent some very serious issue with the crypto implementation, that would be my greatest concern -- how easy would it be for a state-level actor to introduce some sort of backdoor or other vulnerability (even a subtle one, e.g. modification to EM radiation pattern) to either all or just a select subset of devices, either into components &quot;upstream&quot; in the supply chain, in manufacturing itself, or downstream in transit to the retailer&#x2F;customer.

Is it U2F only or can it also do some of Yubikey stuff like storing GPG keys, etc?

See also the all in one OnlyKey - <a href="https:&#x2F;&#x2F;crp.to&#x2F;" rel="nofollow">https:&#x2F;&#x2F;crp.to&#x2F;</a>

Solo describes itself as &quot;An upgrade to U2F Zero.&quot; What does it do better than U2F Zero?

Bit of a tangent, but out of interest, why KickStarter as opposed to CrowdSupply?

What&#x27;s nitrokey&#x27;s status regarding fido2 ? I know that their current open source products don&#x27;t support it, but they were planning to add it.

Does FIDO2 imply WebAuthn? How do the two relate to each other, other than WebAuthn being an &#x27;outgrowth of&#x27; FIDO2?

Woohoo! My urge-zero key stopped working mysteriously and I wasn’t happy about that but I’ll give them another chance.

From the image it doesn&#x27;t look like it&#x27;ll be easily hand solderable. I love that about the U2F zero (though I&#x27;m still torn on if I should build it or buy it).

Any chance someone might make this work with Nextcloud?

I think I like my tomu.im gadget better.<p>Just sayin&#x27;.

Looks awesome, just one thing about the website if anybody knows them personally. The motto under the Product, &quot;Secure login, open, easy.&quot; is mostly hidden by the photo.