Update on OnlyKey new features


We have been hard at work on some new features for OnlyKey. One roadblock we ran into with the development of this release was that the latest version of Windows 10 (1903) now requires apps to be “run as administrator” in order to be able to communicate with OnlyKey. While running the OnlyKey App as admin does work, we are building a better solution that will be available in an upcoming OnlyKey app update.

With the next firmware release, OnlyKey will be ready for the passwordless future by adding FIDO2 (WebAuthn) support. While the future might be passwordless, the present is definitely not, so OnlyKey continues to support multiple methods of authentication, including:

  • A hardware password manager 
  • Multiple two-factor methods – FIDO U2F, FIDO2 (*NEW), TOTP, and Yubikey OTP
  • Passwordless SSH login

We are also adding a new feature for challenge-response (HMAC-SHA1). OnlyKey is the first open source device to support this feature, which was previously only supported by Yubikey. Challenge-response is a useful feature that is already supported by many apps. Now these apps can support OnlyKey as well as Yubikey. Applications that support this include:

  • KeePassXC software password manager supports challenge-response to lock your password vault. Using a master password plus challenge-response is much better than a master password alone. We are working with KeePassXC to add support for OnlyKey in a future KeePassXC release.
  • Computer log in and full-disk encryption – The challenge-response code can be used to log in and is used with full-disk encryption solutions like LUKS. We will be working to add OnlyKey support to these projects. Know of any others we should add? We would love to hear about them; let us know, and ask the project to add OnlyKey support.
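To make the "master password plus challenge-response" point concrete, here is an added example (not code from OnlyKey, Yubikey or KeePassXC) in which a software stand-in plays the token. The key derivation, the header layout and all names and values are assumptions made for illustration; only the HMAC-SHA1 response itself is the standard primitive.

```python
import hashlib
import hmac
import os

# Constructed 20-byte secret; on a real token it stays inside the hardware.
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff00112233")


def device_respond(secret: bytes, challenge: bytes) -> bytes:
    """Token side: return HMAC-SHA1(secret, challenge), always 20 bytes."""
    return hmac.new(secret, challenge, hashlib.sha1).digest()


def derive_vault_key(password: str, response: bytes, salt: bytes) -> bytes:
    """Hypothetical derivation: stretch the password, then bind the response."""
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hashlib.sha256(stretched + response).digest()


def create_vault(password: str, respond) -> dict:
    """Host side: pick a random challenge and store it next to the vault."""
    header = {"challenge": os.urandom(32), "salt": os.urandom(16)}
    key = derive_vault_key(password, respond(header["challenge"]), header["salt"])
    # The check value lets unlock_vault() detect a wrong key without storing it.
    header["check"] = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return header


def unlock_vault(header: dict, password: str, respond) -> bool:
    """Host side: replay the stored challenge to the token and re-derive the key."""
    key = derive_vault_key(password, respond(header["challenge"]), header["salt"])
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(check, header["check"])


def real_token(challenge: bytes) -> bytes:
    return device_respond(DEVICE_SECRET, challenge)


def other_token(challenge: bytes) -> bytes:
    # A different device (different secret) answering the same challenge.
    return device_respond(b"\x01" * 20, challenge)


if __name__ == "__main__":
    vault = create_vault("correct horse", real_token)
    print("password + token:      ", unlock_vault(vault, "correct horse", real_token))
    print("password + other token:", unlock_vault(vault, "correct horse", other_token))
    print("wrong password + token:", unlock_vault(vault, "battery staple", real_token))
```

Someone who copies the vault file and learns the password still cannot rebuild the key without the token's secret, which is what the second factor adds over a master password alone.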

But wait, there’s more. Here are some other features included in this release:

  • Lock OnlyKey and your computer with the touch of a button. You can now set a lock button on your OnlyKey; press it and it locks both your OnlyKey and your computer. This works with Windows, Mac, and Linux.
  • Adjustable LED Brightness – You can now adjust the brightness of the light on OnlyKey through the app.
  • Quick-Config – A keyboard prompt configuration is now available for configuring OnlyKey completely app-free. This feature is very useful for users who only want to use OnlyKey as a security key and don’t want any apps to install. There are two modes here:
    • Auto-mode – Great for administrators provisioning devices for users. Press a button to generate secure random PINs and passphrase. Setup is completed in a matter of seconds.
    • Manual-mode – Quickly set up the device with chosen PINs by following the steps in the keyboard prompt. OnlyKey types out the instructions to follow, no app required.

NOTE: Since we are now using FIDO U2F and FIDO2 (thanks to the Solo project) all sites registered with U2F will require re-registering.

What’s next for OnlyKey

  • New hardware coming. We are working on additional OnlyKey hardware revisions to develop a small form factor OnlyKey model. The small form factor model, inspired by the TOMU project, will fit inside a USB port and be USB-C compatible.
  • Integrate challenge-response with other open source projects. Please let us know of any projects that support this feature on Yubikey and we will work to get support for OnlyKey.
  • Better PGP/GPG support
  • Update to https://apps.crp.to to include better message encryption and easy GPG file encryption.
  • Our work on the Windows 10 issue mentioned earlier in this post led to the development of better data transports between OnlyKey and apps. We will be putting together a developer guide to make using OnlyKey in applications easier, including NPM modules for easily adding OnlyKey support to 3rd party apps.