FIDO2 security key company releases hardware that's open source and uses Rust

In life, every so often one hears of a concept that is so simple and so elegant that the fact that one had not heard of it before today makes one’s jaw drop in disbelief:<p>&gt; <i>Reversible USB-A. Well this maybe wasn&#x27;t the most critical feature anyone expected, but, consequence of our new PCB &amp; case combined construction, it was easy to make USB-A reversible. So why not!</i>

As someone who is comfortable with TOTP but hasn&#x27;t tried FIDO-&#x2F;Yubikey-style devices, I have a few questions:<p>- Are drivers for this <i>already installed</i> as part of desktop Ubuntu 20.10&#x2F;Windows 10? Any driver installation will absolutely make this a no-go for family members.<p>- Is additional software required for <i>anything</i> non-techies might reasonably want to do with this device, including resetting it, adding an entry or checking which entries are already on the device? The ideal would probably be if the device acts like a USB stick, with entries being shown as .bin&#x2F;.txt files which can be manipulated in the normal ways.<p>- How easy is it to create a backup? The ideal (for non-techies) would probably be something like plugging a device into a PC and simply copying files across. Ditto for duplicating to another device.<p>- Is there anything else which would likely stop non-techies from using this for basically everything they care about?

As someone who&#x27;s not familiar with U2F or comparable standards I have a general question about the topic: When registering a key for multiple accounts (at the same site or at different sites) can website owners link those accounts by some common &quot;key ID&quot;? In the sense of: &quot;Oh, this is Bob&#x27;s key so this account must belong to Bob&quot;.

&quot;Reversible USB-A&quot; now there&#x27;s a feature I wish we&#x27;d see more often!

Nice, I&#x27;d love this as an open source yubikey replacement.<p>But it doesn&#x27;t do OpenPGP, I rely on that way too much sadly. Not just for SSH which supports fido2 now but also for file encryption and my password manager.<p>If they add that in the future I might jump ship.

This looks great and I&#x27;m very excited for it, but it&#x27;s been &quot;coming soon&quot; for more than a year. The original release date was last June, now it&#x27;s this June for the first backer keys, AFAIK.<p>I hope it doesn&#x27;t take that long, but there&#x27;s a history of delays, unfortunately.

From the founder of Solo, I assume:<p>&quot;I&#x27;ve been working on Solo for almost 3 years now. It started back when I was in college and on a whim, ordered a run of 1000 security keys that I designed and then shipped them all to Amazon. &quot;<p>Hm... not sure I can trust my keys to something developed on a whim by a college student.

I&#x27;m really hoping they bring GPG to the Solokey V1, but I&#x27;m starting to lose confidence

I&#x27;m <i>still</i> curious how the key is tamper resistent when filling it with transparent epoxy. I asked when the article was published on lobste.rs but never got an answer. It seems to me it should be fairly easy to remove the epoxy and refill after tampering.<p>I should probably email them about this at this point, but I think it&#x27;s weird they haven&#x27;t explained the &quot;tampering resistent&quot; part in their marketing material in any detail.

&gt; releases hardware that&#x27;s open source and uses Rust<p>This is an LPC55S69. So it&#x27;s open source firmware, not open source hardware.

Is there a Linux compatible NFC reader that would allow a simple tap to authenticate with one of these?

Does anyone know if these types of keys and&#x2F;or protocols can be made to work without a full USB bus? I&#x27;d love to have this kind of functionality in embedded systems, without running an OS.

How does this compare to a Yubikey for example?

am i reading their marketing stuff correctly that this doesn&#x27;t include any new fido-protocol features vs the solo key v1? that is, as far as chrome sees it, it might as well be the same product?

Reminder: FIDO2 is mostly useless if your browser or your OS is compromised.<p>Also if someone hijacks your account using bruteforced recovery codes and&#x2F;or email.<p>Also if the servers are compromised or account data leaked.<p>In short, it protects from some forms of phishing.<p>(I&#x27;m not trying to criticize FIDO2, just pointing out what to expect from it)