Feitian Multipass Fido Security Key
FEITIAN MultiPass K16 Security Key - FIDO U2F - Two Factor Authenticator with Multiple Interfaces - USB-A, NFC, Bluetooth - Help Prevent Account Takeovers with Multi-Factor Authentication
Feitian Multipass Fido Security Key is very nice product. Background: FIDO is an international alliance of companies who support two-factor authentication (2FA), using a proven-secure method of generating a public/private key pair for each website that supports FIDO authentication. This means, once you have set up 2FA on that site, using a FIDO security key or token, that FIDO device will be required to log into the site, along with your typical username and password. Each website gets its own, unique cryptographic key pair, so nobody can use information from one website to log into a different website.
Google was one of the early developers and supporters of this initiative. Originally, Google supported FIDO keys for their “two step verification” sign-on, with backup authentication methods also enabled (such as a printed list of one-time PIN numbers, or a text to a smartphone). This method is still available. Recently, Google added a second, more secure option, the “Advanced Protection Program”. Under this program, the *only* way you (or someone else) can log into your Google account is by using a FIDO key or token. This requires at least two keys, so that, if you lose or destroy one of the keys, you still have another. Without the key(s), you’d have to request a workaround from Google, which is only granted after several days and some user verification steps.
This Feitian FIDO key is unique (at least as of now), in that it supports the traditional USB attachment, which emulates a standard USB keyboard (a “Human Interface Device” or HID), and it also includes both NFC (for Android devices with a NFC tag reader) and Bluetooth Low Energy (BLE) for Apple and other devices.
Aside from the three-method attachment, this key performs exactly the same function as other FIDO keys, such as the YubiKey family of FIDO products.
There have been a couple of reviews complaining about the packaging, wondering if it was secure. First: even if somebody got their hands on your key, there is absolutely nothing they can do with it to access your websites or personal information. The keys are useless until paired with each company’s website. There is nothing to hack, nothing that can be altered, and no risk. Second: this is a very new product, and perhaps the initial shipping/packaging materials were temporarily sub-par. The unit I received today was nicely packaged, as would be a typical Amazon “Frustration Free” product. It came in a small brown cardboard box, with a paper tamper evident seal, and a slide-out sleeve. The package includes the key (in a cut-out custom foam surround, a short USB A to micro USB cable, and a pairing guide.
Setting it up was trivially easy, and both the Bluetooth pairing and FIDO pairing worked on the first try. I can’t comment on the ruggedness of the key, since I just got it, but personally, I wouldn’t put it directly on a key ring with keys, in a pocket, as this would probably beat up the device over time. Attaching it to a key ring by using a second ring to extend it out from the keys and allow more twisting motion would probably help, However, if you want a nearly indestructible key, get a YubiKey.Promised Review by Steve Weinberg