Portiva asked FEITIAN if they would like to send a trial set of FIDO keys to test and to validate its usability with Windows 10 and mobile devices.

Wikipedia describes the FIDO (“Fast IDentity Online”) Alliance as an open industry association launched in February 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. FIDO addresses the lack of interoperability among strong authentication devices and reduces the problems users face in creating and remembering multiple usernames and passwords.

FEITIAN provides strong authentication solutions that cover financial, healthcare, government, enterprise, payment and other needs. Backed by a strong and experienced R&D team, FEITIAN is able to react quickly to industry trends and market requests, with easy integration at competitive cost.

I’ve tested the K27 device from FEITIAN, which is a USB-A device that allows for biometric and FIDO2 authentication.

Why a FIDO security key

Passwordless is a term that is currently circulating in the security scene. It means that users don’t need to remember or even know their password to log on to resources. True passwordless means that the user doesn’t have a password anymore, so password phishing attempts are mitigated because an attacker would need the external device to authenticate. Using your security key on unmanaged devices also prevents keyloggers from recording your password.

A security key is a good step toward becoming passwordless: users no longer need to type their password day to day, so they can set a long, secure and memorable password that they rarely have to provide. The security key is also one of the factors for multi-factor authentication, and the FEITIAN K27 combines two factors in one device. The following factors exist for authentication:

  • Something you have – some physical object in the possession of the user, such as a USB stick with a secret token, a bank card, a key, etc.
  • Something you know – certain knowledge only known to the user, such as a password, PIN, TAN, etc.
  • Something you are – some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice, typing speed, pattern in key press intervals, etc.
  • Somewhere you are – some connection to a specific computing network or utilizing a GPS signal to identify the location.

The FEITIAN K27 combines something you have (it’s my USB stick) with something you are or know (it requires my fingerprint or PIN to work).

First time use

You first need to register your fingerprints on the FEITIAN K27 before you can use it. Users can manage fingerprints and the PIN, or reset the security key, with FEITIAN’s BioPass FIDO2 manager on computers running a Windows 10 build lower than 18298. Users running Windows 10 Insider Preview Build 18298 can set up a security key straight from the System Settings panel.

You can check which build you are running by opening “Run”, typing “winver” and clicking OK.

This means that my device has the correct build version to use the FEITIAN K27 without the manager. In my case I went to the sign-in options in Windows 10 and clicked on Manage under “Security Key”.

First add a security PIN and click on OK. Now you can add your fingerprints: enter your security PIN first, then touch the sensor. Add as many fingers as you like, click on Done and close the screen.

Connect to Office 365

Now we would like to connect the FEITIAN K27 to Office 365. Go to https://portal.office.com and open “My account”, then “Security and privacy”, then “Update your phone numbers used for account security”. Choose “Add security method” and select “Security key”. Sign in with two-factor authentication and repeat the above two steps to add a security key. Select USB device (or NFC, but the K27 doesn’t have NFC) and click on Continue. Touch your key, click Allow and name your key. Done, and that’s all it takes to register your security key with your Azure AD account.

Testing the FEITIAN K27

Logging in on the Windows 10 workplace

Log off or go to the lock screen on your Windows 10 workplace. Note that if you use Windows Hello Face it will try to authenticate you directly; I had to cover the camera. Click on the security key icon and touch your security key.

Logging in using Chrome to https://portal.office.com

In this test I’ll be connecting to Office 365 using the browser. Your managed workplace will most likely sign you in with SSO, so you don’t need to present a passcode. You would normally provide your password, but in this case I can also select to use my security key. Touch your key; note that if you wait too long it will automatically fall back to your PIN. Afterwards you will still need to use your finger, and you’re connected to Office 365 without the need to use your password.

Pairing and testing with your Google account

Note that you already need MFA on your Google account before you can set up a security key.

Go to your Google account and click on Security. Select 2-Step Verification, scroll down and select Security Key. Select USB or Bluetooth, click Next and touch your key. Allow access, give it a name and click on Done.

Now for testing I’ll use an in-private browser, where I’ll still need to use my password, but for my second factor I can use the security key instead of my Chrome authenticator.

Pairing and testing with your Twitter account

Note that you already need MFA on your Twitter account before you can set up a security key.

It is possible to pair your security key with a Twitter account. Go to your Twitter account, click on Settings and privacy and then on Security under Account. Then select Two-factor authentication, select the security key and click Start. Now start an in-private session and try to log on. You can now log on to Twitter with your security key.

Pairing and testing with your Facebook account

Note that you already need MFA on your Facebook account before you can set up a security key.

Go to your Facebook account and go to Security and login. Click on Edit at ‘Use two-factor authentication’, then click on Setup at the security key. Click Allow, then OK, and try to log on in an in-private browser. You will now be logged in at Facebook.
