#token2 — Public Fediverse posts

Just confirmed: my TOTP seeds live on my Token2 Bio3 key itself.
The app is just a reader. The seed never leaves the hardware.

That said — Proton Authenticator looks genuinely excellent.
If I didn't have a key where the seed lives on it,
that's where I'd put my seed.

Gigity.

#TOTP #2FA #Infosec #ProtonAuth #Token2 #FIDO2

Just confirmed: my TOTP seeds live on my Token2 Bio3 key itself.
The app is just a reader. The seed never leaves the hardware.

That said — Proton Authenticator looks genuinely excellent.
If I didn't have a key where the seed lives on it,
that's where I'd put my seed.

Gigity.

#TOTP #2FA #Infosec #ProtonAuth #Token2 #FIDO2

Just confirmed: my TOTP seeds live on my Token2 Bio3 key itself.
The app is just a reader. The seed never leaves the hardware.

That said — Proton Authenticator looks genuinely excellent.
If I didn't have a key where the seed lives on it,
that's where I'd put my seed.

Gigity.

#TOTP #2FA #Infosec #ProtonAuth #Token2 #FIDO2

Just confirmed: my TOTP seeds live on my Token2 Bio3 key itself.
The app is just a reader. The seed never leaves the hardware.

That said — Proton Authenticator looks genuinely excellent.
If I didn't have a key where the seed lives on it,
that's where I'd put my seed.

Gigity.

#TOTP #2FA #Infosec #ProtonAuth #Token2 #FIDO2

Just confirmed: my TOTP seeds live on my Token2 Bio3 key itself.
The app is just a reader. The seed never leaves the hardware.

That said — Proton Authenticator looks genuinely excellent.
If I didn't have a key where the seed lives on it,
that's where I'd put my seed.

Gigity.

#TOTP #2FA #Infosec #ProtonAuth #Token2 #FIDO2

@Cloudsincoffee

do they work on Linux for LUKS etc. - can you use the same package yubikey-luks? I'm currently using Yubikey, but always open for change, if it is not too difficult.

#Yubikey #Token2 #LUKS #Linux #FIDO2 #MFA

@Cloudsincoffee

do they work on Linux for LUKS etc. - can you use the same package yubikey-luks? I'm currently using Yubikey, but always open for change, if it is not too difficult.

#Yubikey #Token2 #LUKS #Linux #FIDO2 #MFA

Seeing the latest video hit #1 in the studio dashboard is a great reminder of why I started Terminal Tilt.

780 views in less than 7 hours on a video about hardware security keys? You all prove there’s a massive hunger for privacy and right-to-repair content.

Huge thank you to everyone who watched and shared!

If you haven't watched it yet, its available here: https://www.youtube.com/watch?v=lQlN84gEb9c

#DigitalSovereignty #Privacy #OpSec #RightToRepair #OpenSource #Token2 #Yubikey #Nitrokey #TerminalTIlt

🚨 New Video: Protecting You From Yourself - The Token2 Review

We have looked at the industry standard (YubiKey) and the philosophical idealist (Nitrokey). Today, we’re looking at the aggressor: Token2.

The PIN+ Dual Release 3.3 and the Bio3 come in at nearly half the price of the competition, but there is a catch. This Swiss company doesn't care about convenience; they care about correctness. From hardware-enforced complex PINs to a literal war on legacy TOTP codes, Token2 assumes your ego is your biggest vulnerability.

Is this cynical, locked-down approach exactly what we need for true digital sovereignty, or is the clunky user experience a dealbreaker? Let's find out if this is the ultimate punk rock choice for your threat model.

Part 5 of the Sovereign Authentication series.

100% human made. #NoAI :NoAI:

▶️ YouTube: https://www.youtube.com/watch?v=lQlN84gEb9c
📺 PeerTube: https://gnulinux.tube/w/fZbyKea1b6QJVQoFE4oQso

💬 Join our sovereign community on Stoat: https://stt.gg/GgB6HBTv
☕ Support the mission: https://liberapay.com/terminaltilt
🤝 Become a channel member: https://www.youtube.com/@TerminalTilt/join

#TerminalTilt #NoAI #Privacy #Security #PasswordManager #Token2 #Nitrokey #Yubikey #Yubico #FOSS #OpenSource #Linux #Cybersecurity #SelfHosted #DeGoogle #DigitalSovereignty #QueerCreator #DisabledCreator #HumanMade #TechEthics

Decided to give the cross-platform TOTP app from Token2 a go. It's only available from the customer panel, BSL licensed, comes as a zip with Python modules.

To get it to run on Arch Linux you need to update the version of pyscard in the requirements.txt file to pyscard~=2.3.1, only then will it actually build when you make a venv and run pip install -r requirements.txt.

Other than that it looks like a cool little tool, has both a GUI and a CLI, works fine as far as I can tell. Even lets you require a button press on the key to show an OTP.

#Token2

Terminal Tilt: Upcoming Schedule

Tomorrow: Divoom Pixoo 64 Review.

Monday, Feb 23: Sovereign Authentication (Part 3) – The YubiKey 5 Series Review.

Feb 26: Keychron Q1 V2 – 4 Years Later.

March 2: Sovereign Authentication (Part 4) – Nitrokey 3A NFC Review.

March 5: Epomaker TH99 Pro Review.

March 9: Sovereign Authentication (Part 5) - Token2 Keys Review

https://www.youtube.com/@TerminalTilt

#TerminalTilt #DigitalSovereignty #RightToRepair #Privacy #SelfHosted #YubiKey #Nitrokey #Keychron #Epomaker #Token2 #Divoom #Pixoo64 #DivoomPixoo64 #Zettlr

Terminal Tilt: Upcoming Schedule

Tomorrow: Divoom Pixoo 64 Review.

Monday, Feb 23: Sovereign Authentication (Part 3) – The YubiKey 5 Series Review.

Feb 26: Keychron Q1 V2 – 4 Years Later.

March 2: Sovereign Authentication (Part 4) – Nitrokey 3A NFC Review.

March 5: Epomaker TH99 Pro Review.

March 9: Sovereign Authentication (Part 5) - Token2 Keys Review

https://www.youtube.com/@TerminalTilt

#TerminalTilt #DigitalSovereignty #RightToRepair #Privacy #SelfHosted #YubiKey #Nitrokey #Keychron #Epomaker #Token2 #Divoom #Pixoo64 #DivoomPixoo64 #Zettlr

Terminal Tilt: Upcoming Schedule

Tomorrow: Divoom Pixoo 64 Review.

Monday, Feb 23: Sovereign Authentication (Part 3) – The YubiKey 5 Series Review.

Feb 26: Keychron Q1 V2 – 4 Years Later.

March 2: Sovereign Authentication (Part 4) – Nitrokey 3A NFC Review.

March 5: Epomaker TH99 Pro Review.

March 9: Sovereign Authentication (Part 5) - Token2 Keys Review

https://www.youtube.com/@TerminalTilt

#TerminalTilt #DigitalSovereignty #RightToRepair #Privacy #SelfHosted #YubiKey #Nitrokey #Keychron #Epomaker #Token2 #Divoom #Pixoo64 #DivoomPixoo64 #Zettlr

Terminal Tilt: Upcoming Schedule

Tomorrow: Divoom Pixoo 64 Review.

Monday, Feb 23: Sovereign Authentication (Part 3) – The YubiKey 5 Series Review.

Feb 26: Keychron Q1 V2 – 4 Years Later.

March 2: Sovereign Authentication (Part 4) – Nitrokey 3A NFC Review.

March 5: Epomaker TH99 Pro Review.

March 9: Sovereign Authentication (Part 5) - Token2 Keys Review

https://www.youtube.com/@TerminalTilt

#TerminalTilt #DigitalSovereignty #RightToRepair #Privacy #SelfHosted #YubiKey #Nitrokey #Keychron #Epomaker #Token2 #Divoom #Pixoo64 #DivoomPixoo64 #Zettlr

Terminal Tilt: Upcoming Schedule

Tomorrow: Divoom Pixoo 64 Review.

Monday, Feb 23: Sovereign Authentication (Part 3) – The YubiKey 5 Series Review.

Feb 26: Keychron Q1 V2 – 4 Years Later.

March 2: Sovereign Authentication (Part 4) – Nitrokey 3A NFC Review.

March 5: Epomaker TH99 Pro Review.

March 9: Sovereign Authentication (Part 5) - Token2 Keys Review

https://www.youtube.com/@TerminalTilt

#TerminalTilt #DigitalSovereignty #RightToRepair #Privacy #SelfHosted #YubiKey #Nitrokey #Keychron #Epomaker #Token2 #Divoom #Pixoo64 #DivoomPixoo64 #Zettlr

I have officially deleted my Amazon account and cut ties with their ecosystem entirely. For a long time, the convenience of Prime felt like a necessary evil, especially since they have a warehouse in my city and can do same day shipping. But I can no longer reconcile the big tech giant's behavior with the values I promote at Terminal Tilt. As a privacy advocate and FOSS supporter, continuing to feed the machine feels increasingly hypocritical.

Ethically, their treatment of labor is indefensible. Between the terrible warehouse conditions and the dark patterns designed to make canceling subscriptions nearly impossible, it is clear they view both employees and customers as numbers to be exploited, with contempt. Their anti-competitive practices have done irreparable harm to small businesses and independent creators who are forced to play in a rigged sandbox.

As an FSF and EFF member, I believe privacy is a fundamental right. Amazon's business model relies on massive data harvesting and a huge surveillance network that I simply do not want to be a part of. Deleting my account is my way of reclaiming my digital sovereignty and refusing to let my personal data be a product in their inventory.

The change also affects how I handle Terminal Tilt going forward. I am officially ending the use of Amazon affiliate links for the channel. While the links are a standard revenue stream for most creators, I refuse to track my audience into the Amazon ecosystem just for a small commission. I would rather the channel grow slower and more honestly than profit from a company that actively works against user freedom. Convenience is the enemy of sovereignty.

When I review products now, whether it is the security keys from @nitrokey , @yubico , and Token2 or open source hardware, I will provide links to direct manufacturers or ethical, privacy-respecting retailers instead. Convenience should never be the primary metric for our choices.

If you want to support my work on Linux, privacy, and the #NoAI movement, I encourage you to use my LiberaPay or Ko-Fi links. Supporting creators directly ensures that the content remains independent and free from the influence of the Epstein class and corporate overlords. You can find all my direct support links on my self-hosted Linkstack: https://links.terminaltilt.com

It feels good to be out. It is time to prioritize people and principles over same-day shipping.

#DeleteAmazon #AmazonBoycott #Amazon #Privacy #FOSS #Linux #TerminalTilt #EthicalConsumerism #Ethics #InfoSec #Yubikey #Nitrokey #Token2 #2FA #MFA #Surveillance #SurveillanceCapitalism #DigitalSovereignty #SelfHosting

I have officially deleted my Amazon account and cut ties with their ecosystem entirely. For a long time, the convenience of Prime felt like a necessary evil, especially since they have a warehouse in my city and can do same day shipping. But I can no longer reconcile the big tech giant's behavior with the values I promote at Terminal Tilt. As a privacy advocate and FOSS supporter, continuing to feed the machine feels increasingly hypocritical.

Ethically, their treatment of labor is indefensible. Between the terrible warehouse conditions and the dark patterns designed to make canceling subscriptions nearly impossible, it is clear they view both employees and customers as numbers to be exploited, with contempt. Their anti-competitive practices have done irreparable harm to small businesses and independent creators who are forced to play in a rigged sandbox.

As an FSF and EFF member, I believe privacy is a fundamental right. Amazon's business model relies on massive data harvesting and a huge surveillance network that I simply do not want to be a part of. Deleting my account is my way of reclaiming my digital sovereignty and refusing to let my personal data be a product in their inventory.

The change also affects how I handle Terminal Tilt going forward. I am officially ending the use of Amazon affiliate links for the channel. While the links are a standard revenue stream for most creators, I refuse to track my audience into the Amazon ecosystem just for a small commission. I would rather the channel grow slower and more honestly than profit from a company that actively works against user freedom. Convenience is the enemy of sovereignty.

When I review products now, whether it is the security keys from @nitrokey , @yubico , and Token2 or open source hardware, I will provide links to direct manufacturers or ethical, privacy-respecting retailers instead. Convenience should never be the primary metric for our choices.

If you want to support my work on Linux, privacy, and the #NoAI movement, I encourage you to use my LiberaPay or Ko-Fi links. Supporting creators directly ensures that the content remains independent and free from the influence of the Epstein class and corporate overlords. You can find all my direct support links on my self-hosted Linkstack: https://links.terminaltilt.com

It feels good to be out. It is time to prioritize people and principles over same-day shipping.

#DeleteAmazon #AmazonBoycott #Amazon #Privacy #FOSS #Linux #TerminalTilt #EthicalConsumerism #Ethics #InfoSec #Yubikey #Nitrokey #Token2 #2FA #MFA #Surveillance #SurveillanceCapitalism #DigitalSovereignty #SelfHosting

I have officially deleted my Amazon account and cut ties with their ecosystem entirely. For a long time, the convenience of Prime felt like a necessary evil, especially since they have a warehouse in my city and can do same day shipping. But I can no longer reconcile the big tech giant's behavior with the values I promote at Terminal Tilt. As a privacy advocate and FOSS supporter, continuing to feed the machine feels increasingly hypocritical.

Ethically, their treatment of labor is indefensible. Between the terrible warehouse conditions and the dark patterns designed to make canceling subscriptions nearly impossible, it is clear they view both employees and customers as numbers to be exploited, with contempt. Their anti-competitive practices have done irreparable harm to small businesses and independent creators who are forced to play in a rigged sandbox.

As an FSF and EFF member, I believe privacy is a fundamental right. Amazon's business model relies on massive data harvesting and a huge surveillance network that I simply do not want to be a part of. Deleting my account is my way of reclaiming my digital sovereignty and refusing to let my personal data be a product in their inventory.

The change also affects how I handle Terminal Tilt going forward. I am officially ending the use of Amazon affiliate links for the channel. While the links are a standard revenue stream for most creators, I refuse to track my audience into the Amazon ecosystem just for a small commission. I would rather the channel grow slower and more honestly than profit from a company that actively works against user freedom. Convenience is the enemy of sovereignty.

When I review products now, whether it is the security keys from @nitrokey , @yubico , and Token2 or open source hardware, I will provide links to direct manufacturers or ethical, privacy-respecting retailers instead. Convenience should never be the primary metric for our choices.

If you want to support my work on Linux, privacy, and the #NoAI movement, I encourage you to use my LiberaPay or Ko-Fi links. Supporting creators directly ensures that the content remains independent and free from the influence of the Epstein class and corporate overlords. You can find all my direct support links on my self-hosted Linkstack: https://links.terminaltilt.com

It feels good to be out. It is time to prioritize people and principles over same-day shipping.

#DeleteAmazon #AmazonBoycott #Amazon #Privacy #FOSS #Linux #TerminalTilt #EthicalConsumerism #Ethics #InfoSec #Yubikey #Nitrokey #Token2 #2FA #MFA #Surveillance #SurveillanceCapitalism #DigitalSovereignty #SelfHosting

I have officially deleted my Amazon account and cut ties with their ecosystem entirely. For a long time, the convenience of Prime felt like a necessary evil, especially since they have a warehouse in my city and can do same day shipping. But I can no longer reconcile the big tech giant's behavior with the values I promote at Terminal Tilt. As a privacy advocate and FOSS supporter, continuing to feed the machine feels increasingly hypocritical.

Ethically, their treatment of labor is indefensible. Between the terrible warehouse conditions and the dark patterns designed to make canceling subscriptions nearly impossible, it is clear they view both employees and customers as numbers to be exploited, with contempt. Their anti-competitive practices have done irreparable harm to small businesses and independent creators who are forced to play in a rigged sandbox.

As an FSF and EFF member, I believe privacy is a fundamental right. Amazon's business model relies on massive data harvesting and a huge surveillance network that I simply do not want to be a part of. Deleting my account is my way of reclaiming my digital sovereignty and refusing to let my personal data be a product in their inventory.

The change also affects how I handle Terminal Tilt going forward. I am officially ending the use of Amazon affiliate links for the channel. While the links are a standard revenue stream for most creators, I refuse to track my audience into the Amazon ecosystem just for a small commission. I would rather the channel grow slower and more honestly than profit from a company that actively works against user freedom. Convenience is the enemy of sovereignty.

When I review products now, whether it is the security keys from @nitrokey , @yubico , and Token2 or open source hardware, I will provide links to direct manufacturers or ethical, privacy-respecting retailers instead. Convenience should never be the primary metric for our choices.

If you want to support my work on Linux, privacy, and the #NoAI movement, I encourage you to use my LiberaPay or Ko-Fi links. Supporting creators directly ensures that the content remains independent and free from the influence of the Epstein class and corporate overlords. You can find all my direct support links on my self-hosted Linkstack: https://links.terminaltilt.com

It feels good to be out. It is time to prioritize people and principles over same-day shipping.

#DeleteAmazon #AmazonBoycott #Amazon #Privacy #FOSS #Linux #TerminalTilt #EthicalConsumerism #Ethics #InfoSec #Yubikey #Nitrokey #Token2 #2FA #MFA #Surveillance #SurveillanceCapitalism #DigitalSovereignty #SelfHosting

I have officially deleted my Amazon account and cut ties with their ecosystem entirely. For a long time, the convenience of Prime felt like a necessary evil, especially since they have a warehouse in my city and can do same day shipping. But I can no longer reconcile the big tech giant's behavior with the values I promote at Terminal Tilt. As a privacy advocate and FOSS supporter, continuing to feed the machine feels increasingly hypocritical.

Ethically, their treatment of labor is indefensible. Between the terrible warehouse conditions and the dark patterns designed to make canceling subscriptions nearly impossible, it is clear they view both employees and customers as numbers to be exploited, with contempt. Their anti-competitive practices have done irreparable harm to small businesses and independent creators who are forced to play in a rigged sandbox.

As an FSF and EFF member, I believe privacy is a fundamental right. Amazon's business model relies on massive data harvesting and a huge surveillance network that I simply do not want to be a part of. Deleting my account is my way of reclaiming my digital sovereignty and refusing to let my personal data be a product in their inventory.

The change also affects how I handle Terminal Tilt going forward. I am officially ending the use of Amazon affiliate links for the channel. While the links are a standard revenue stream for most creators, I refuse to track my audience into the Amazon ecosystem just for a small commission. I would rather the channel grow slower and more honestly than profit from a company that actively works against user freedom. Convenience is the enemy of sovereignty.

When I review products now, whether it is the security keys from @nitrokey , @yubico , and Token2 or open source hardware, I will provide links to direct manufacturers or ethical, privacy-respecting retailers instead. Convenience should never be the primary metric for our choices.

If you want to support my work on Linux, privacy, and the #NoAI movement, I encourage you to use my LiberaPay or Ko-Fi links. Supporting creators directly ensures that the content remains independent and free from the influence of the Epstein class and corporate overlords. You can find all my direct support links on my self-hosted Linkstack: https://links.terminaltilt.com

It feels good to be out. It is time to prioritize people and principles over same-day shipping.

#DeleteAmazon #AmazonBoycott #Amazon #Privacy #FOSS #Linux #TerminalTilt #EthicalConsumerism #Ethics #InfoSec #Yubikey #Nitrokey #Token2 #2FA #MFA #Surveillance #SurveillanceCapitalism #DigitalSovereignty #SelfHosting

🚨 New Video: Stop Trusting Google With Your Keys (Part 1 of 5: Sovereign Authentication)

Convenience is the enemy of sovereignty.

You don't own your phone number; you lease it. If you rely on SMS or cloud-synced apps like Google Authenticator, you aren't securing your account. You are handing the keys to a landlord.

In the premiere of this new series, we break down the 4 Tiers of Authentication. We explain why SMS is a disaster, why I deleted Google Authenticator, and why hardware keys are the only way to truly own your access.

100% Human made. #NoAI :NoAI:

▶️ YouTube: https://www.youtube.com/watch?v=7Y8Q9LnSQxM

📺 PeerTube: https://gnulinux.tube/w/hbNHh7TjUNiCa98waLmHn1

📝 Blog Post: https://www.terminaltilt.com/2026/02/09/stop-trusting-google-with-your-keys/

Support the mission: ☕ https://ko-fi.com/terminaltilt | https://liberapay.com/terminaltilt

#TerminalTilt #NoAI #Security #Privacy #2FA #MFA #Yubikey #Nitrokey #Token2 #FOSS #Linux #Cybersecurity #SelfHosted #Google #DeGoogle #DigitalSovereignty #QueerCreator #DisabledCreator #HumanMade #TechEthics

I wonder, are there any working SSH clients on iOS that can handle ed255519_sk keys?

(That’s the variant where you have a public and private key part however the private key links to a residential key on an external FIDO2 security token. You plug in the token or use NFC, enter the pin and confirm with a touch)

#ssh #fido2 #token2 #iOS #ed25519

I am working on the upcoming security key reviews, including a review of Token2's biometric key, Token2 PIN+Bio3, for a future video.

I know many of you view biometrics as a convenience (or a privacy risk), I want to give Token2 praise for the Bio3.

For users with tremors, Parkinson’s, or cerebral palsy, typing a 20+ character passphrase without a typo can be a physical barrier to security.

A fingerprint sensor isn't lazy, for many it is the only accessible way to be secure.

#Token2 #Accessibility #Security #FIDO2 #Privacy #TerminalTilt #GNULinux #GNU #Linux #FOSS #OpenSource

To contrast Paypal with Cloudflare, this is how you do it correctly.

I was able to enroll all three of my hardware keys ( @nitrokey , @yubico , and Token2) without issue. No one key limits and no being forced into software backups.

When a platform actually respects FIDO2 as a standard, you can have true hardware redundancy.

Of course, I will mention all of this in my upcoming security key series.

#CyberSecurity #FIDO2 #Nitrokey #YubiKey #Token2 #Hardening #TerminalTilt #Cloudflare #Privacy #Security

Is it 2026 or 2006? I just went to harden my PayPal account with my new review units.

Turns out, PayPal still only supports one physical security key. No backups allowed. If you want redundancy, they force you back to TOTP apps or (worse) SMS.

#CyberSecurity #FIDO2 #Yubico #Nitrokey #Privacy #Security #TerminalTilt #FinTechFail #Token2 #Banking #Money

@pink @nitrokey @yubico

UPDATE #2: The Trifecta is Complete!

I’m thrilled to announce that Token2 is joining the upcoming security series!

I am aligning the Token2 review with their core mission: The death of legacy TOTP.

While many users still rely on codes, Token2 is pushing for a 100% phishing resistant future. We will be focusing exclusively on their Open Source, publicly audited FIDO2 stack. This is a massive win for the #FOSS community. Hardware that is both auditable and explicitly designed to move us past insecure, legacy protocols.

The Comparison is now set:

Yubico: The Industry Giant (Closed Source).

Nitrokey: The Open Hardware Veteran.

Token2: The Audited Open FIDO2 Specialist.

Thank you for the boosts! :tux:

#FOSS #CyberSecurity #Token2 #Yubico #NitroKey #Linux #TechReview #Transparency #TerminalTilt

Finally finished the #Framework expansion card design for the #Token2 FIDO2 security key.

https://blog.tinned-software.net/framework-expansion-card-for-token2-t2f2-security-key/

When setting up a new hardware key, this feels very insecure. I’m entering the new PIN for it into my browser of all things… What is the recommended way to set a PIN on a #YubiKey and #Token2 using a Mac or Linux machine?

#Passkeys are everywhere nowadays
#windowshello #fido2 #androidpasskeys #token2

I myself switch to passkeys for any supported service. Have a look here if your services are supported: https://www.passkeys.io/who-supports-passkeys

Understanding why they're more secure and why they are able to be used in so many different shapes is not as easy.

Computerphile just released a greate video about the technology and the authentic flow:
https://www.youtube.com/watch?v=xYfiOnufBSk

#Passkeys are everywhere nowadays
#windowshello #fido2 #androidpasskeys #token2

I myself switch to passkeys for any supported service. Have a look here if your services are supported: https://www.passkeys.io/who-supports-passkeys

Understanding why they're more secure and why they are able to be used in so many different shapes is not as easy.

Computerphile just released a greate video about the technology and the authentic flow:
https://www.youtube.com/watch?v=xYfiOnufBSk

#Passkeys are everywhere nowadays
#windowshello #fido2 #androidpasskeys #token2

I myself switch to passkeys for any supported service. Have a look here if your services are supported: https://www.passkeys.io/who-supports-passkeys

Understanding why they're more secure and why they are able to be used in so many different shapes is not as easy.

Computerphile just released a greate video about the technology and the authentic flow:
https://www.youtube.com/watch?v=xYfiOnufBSk

#Passkeys are everywhere nowadays
#windowshello #fido2 #androidpasskeys #token2

I myself switch to passkeys for any supported service. Have a look here if your services are supported: https://www.passkeys.io/who-supports-passkeys

Understanding why they're more secure and why they are able to be used in so many different shapes is not as easy.

Computerphile just released a greate video about the technology and the authentic flow:
https://www.youtube.com/watch?v=xYfiOnufBSk

Upgraded from iPhone 12 Pro Max to an iPhone 17. What I do like is the USB-C port. Now my #Token2 #Passkeys fit directly into the phone (yes, would have worked via NFC too, but that always felt a little quirky). Briefly enabled Apple Intelligence. What a complete trainwreck. Deinstalled after 5 minutes again.

Durch den #CLT2025 Talk zu Passwortlose Logins mit #PassKeys https://media.ccc.de/v/clt25-188-passwortlose-logins-mit-passkeys bin ich auf die #Token2 PIN+ #Securitykeys aufmerksam geworden https://token2.com/shop/category/pin-plus-series
Die DualPort Keys sind wohl sehr nützlich, haben 300 Resident Keys, kommen mit Hülle und kosten nur 26€.
Zur Wasserfestigkeit finde ich leider nichts.
Würde mich über Erfahrungsberichte freuen.
#FIDO2

Has anyone tested (intentional or not) whether the #token2 PIN+ Dual Release3.3 is water proof?

@kkarhan @Wrewdison @nitrokey

Is it worth mentioning #Token2 as a FOSS #yubikey alternative too?

https://www.token2.net/site/page/compass-security-schweiz-ag-completes-independent-public-security-review-of-token2-pin-fido2-security-keys

#FOSS #hardwareKey #2FA #openSource #FIDO

Switching from #Nitrokey Pro 2 with rsa2048 key to #Token2 with ed25519 key means switching from rebasing <2 commits a second to an almost instant rebases.

#Gentoo #git #OpenPGP

@EricAlper
I have so much time for cheap [more] ethical diamonds.
https://www.zeeman.com/nl-nl/campagnes/diamant
I wonder how small a NFC FIDO2 2FA chip could be shrunk for a necklace? Would look natty.
https://www.token2.com/shop/product/t2f2-pin-release3-typec
#diamond #diamonds #token2 #zeeman #jewellery #art #infosec

I didn't buy that Token2 model because of its NFC capability and USB-C connector, but because it's the cheapest #FIDO2 token supporting Ed25519-SK. I did try out using it with my #Fairphone 3 running /e/OS with #MicroG, and it worked fine.

The silicon case I ordered along with the #Token2 key is unfortunately a bit too thick and thereby prevents the key's USB-C connector from being inserted properly into the FP3 if it's wearing its rubber case as well, which makes NFC a bit tricky too.

Besides the #Nitrokey FIDO2, I also already have a Nitrokey U2F & a Solo Somu from #SoloKeys, so I wasn't too keen on paying 50€ + shipping for a new Nitrokey 3A Mini – a product I wouldn't need if my old key's firmware had been updated.

Instead, I bought a 🇨🇭 Token2 PIN+ Dual R3 whose hardware and firmware is also open-source and which costs only 25€ + shipping: https://www.token2.eu/shop/product/pin-dual-release3-fido2-1-key-with-openpgp-and-otp-and-dual-usb-ports #T2F2

The only downside is that #Token2 manufacture their products outside Europe (Nitrokeys are made in 🇩🇪).

I am looking to buy a set of hardware security keys. The #yubikey seems to be the most common and best documented, but the lack of open source and upgradable firmware puts me off. #nitrokey seems like a better option in this regard, but the design is not as nice. I would also very much like a key that combines both USB-A and C. I have now found the #token2 [PIN+ Dual Release3](https://www.token2.com/shop/product/pin-dual-release3-fido2-1-key-with-openpgp-and-otp-and-dual-usb-ports) which fulfills this, but the company is completely unknown to me, and I haven't found much discussion of their products online, which makes me a bit reluctant. They are, however, a member of the FIDO alliance, which is reassuring. The Linux support for their tools also seem to be second-grade. Does anyone have any experience with them?
I intend to use the key for FIDO U2F/FIDO2 authentication, as well as TOTP for the services that do not yet support FIDO. I also want to use it for storing my PGP and SSH private keys.
#U2F #FIDO #FIDO2 #TOTP #hardwaresecuritykey #cybersecurity

Token2 is an open-source Swiss FIDO2 security key that brings innovative features at a cheaper price

Token2 is a cybersecurity company specialized in the area of multifactor authentication. Founded by a team of researchers from the University of Geneva with years of experience in the field of strong security and multifactor authentication. Token2 h ...continues

See https://gadgeteer.co.za/token2-is-an-open-source-swiss-fido2-security-key-that-brings-innovative-features-at-a-cheaper-price/

#authentication #opensource #security #technology #Token2

OTP Token, TOTP token, Replace your mobile authenticator with secure hardware OTP token! Easily programmed via NFC. Designed to use with Google, Facebook, Dropbox, GitHub, Wordpress, Office 365, Azure MFA etc.

Token2 is an open-source Swiss FIDO2 security key that brings innovative features at a cheaper price

https://squeet.me/display/962c3e10-0084ec9b-cea78e5abcbf8b5d