Test FIDO
Congratulations that you have got your OpenSK USB dongle, now you can try FIDO functions to do fast online authentication. OpenSK implements FIDO2(CTAP2) and FIDO U2F specifications, it can support any website leveraging W3C WebAuthN.
Manage OpenSK¶
There are two ways to manage your OpenSK USB Dongle, include Reset, Set PIN, and Change PIN.
Windows Settings¶
- Open the Windows Settings app, select Accounts, select Sign-in options, select Security Key, and then select Manage.
- You can then attach OpenSK to the USB port to manage it as you want.
NOTE
- Please refer to Microsoft Document for detailed information.
- Security Key option in Windows Settings is only available from Windows 10 1903.
Chrome Browser¶
- From Chrome browser, open URL chrome://settings/securityKeys, or open menu "Settings” => “Privacy and security” (More)=> “Manage security keys”.
- You can see Manage security keys page, then you can do corresponding operations following the tips.
NOTE
I don't know the exact version of Chrome that started to add this UI, but please update it to the latest version to have this function.
Demo Websites¶
There are a lot of Demo websites list here, you can try and test.
Here I recommend
- https://webauthn.io/ (from DUO)
- https://webauthndemo.appspot.com/ (from Google)
WARNING
I can not guaranty that all the demo websites can work well with OpenSK.
Real use cases¶
There are a lot of online services that can use FIDO2/U2F to do 2FA or passwordless authentication, please refer to FEITIAN website and click corresponding service ICON to learn.
Here just emphasize services from two big FIDO players, Google and Microsoft.
Google¶
- Google 2-Step Verification¶
- Please refer to Google's help to bind OpenSK to your Google services. Or
- Take a look at 2.1 of Feitian's help document to bind and try OpenSK instead of ePass FIDO security key.
- Google Advanced Protection¶
- Please refer to landing page or help page of Google Advanced Protection to get how to setup.
WARNING
When you add a security to Google services, you may encount problem because OpenSK uses self attestation. So plesae click "Skip" when Chrome prompts "allow this site to see your security key? google.com wants to see the make and model of your security key."
Microsoft¶
Microsoft Account Passwordless Logon¶
- Please refer to Microsoft Blog to learn how to do Microsoft Account Passwordless Logon with FIDO2 security keys. Or
- Take a look at Chapter 2.2 of FEITIAN FIDO2 scenarios to configure OpenSK with Microsoft Account step by step.
Others¶
Surely there are a lot of other online services except for Google's and Microsoft's, you can learn from
- FIDO2 Scenarios and U2F Scenarios from Feitian's resources.
- Knowledge Base from Feitian
- fido.ftsafe.com Dedicated FIDO website from Feitian. Here you can find the list of online services to use FIDO.