New OnlyKey Features – Enterprise Windows Active Directory 2FA with Authlite & OpenSSH 2FA Support (ed25519-sk)

In *, 2FA, Encryption, FIDO2, GPG, OnlyKey, Product News by [email protected]

We are pleased to announce that new OnlyKey software is now available which includes new features and improvements to existing features.

A full list of new features is available here.

To get started, follow the instructions in the upgrade guide here.

Windows Active Directory 2FA with Authlite

Windows Local Active Directory (AD) does not support FIDO security keys and typically users log in via password authentication. 3rd party solutions such as Authlite may be used to implement 2-factor authentication for Windows AD.

With OnlyKey and Authlite one-time passwords are used for Windows AD authentication, more information available at authlite.com.


Why Authlite and OnlyKey?

  • Authlite supports physical security keys
  • Authlite fails closed, unlike DUO which may in many cases be bypassed (e.g., boot into safe mode)
  • Authlite does not require contact with external service, works offline, and only requires install of software on local domain controller
  • Like OnlyKey, Authlite is a one-time cost per user

OpenSSH 2FA Support

OnlyKey now supports the new ed25519-sk key type and FIDO2 resident keys with OpenSSH. This feature is supported in OpenSSH 8.2 and later. Use OnlyKey to store SSH keys that can be used directly in in OpenSSH by following our guide here.