OnlyKey

OnlyKey is an open source alternative to YubiKey

OnlyKey is a USB security key that works virtually everywhere. Like a swiss army knife of authentication, OnlyKey natively supports: a hardware password manager, multiple two-factor methods (FIDO2, TOTP, and Yubico® OTP), passwordless SSH login, and OpenPGP.
discussion
Would you recommend this product?
8 Reviews3.1/5
Cool!
Share
Rodney GolpeRocket Loans Tech Team Leader
Best key on the market, hands down 👍
Share
Pascal KrasonBe different.
Really a great product, we need some real open source alternative in this sector! But as already other said here on hn, this seems to have some critical flaws and still needs a lot refinement. See the comments on their Hacker News post: https://news.ycombinator.com/ite...
Share
@pascal_krason Thanks for the support of OnlyKey! I reviewed the HN post, there are no critical flaws mentioned in regards to OnlyKey. There are as always with security products criticism that you would find along with similar products. The criticism is a good thing as it keeps driving products like this to be better.
Share
Kellen ScarlettDevOps Engineer
@pascal_krason @t_steiner That's odd because I can see myself that there's plenty of people pointing out flaws that are 100% valid. The code quality is also of a standard that... well, let's just say I don't know a single company or open source project that would ever accept some of this. Btw, have you finally released the schematics of this so called 'open source' project, or are you still hiding behind "oh, it's not useful for you"?
Share
@kscarlett Hi Kellen, > That's odd because I can see myself that there's plenty of people pointing out flaws that are 100% valid. There are literally no vulnerabilities or any valid security issues identified in the HN post. Unfortunately, those posts you are referring to are from those who clearly did not read any of the OnlyKey security documentation and jumped to some very wrong conclusions, like OnlyKey is an Arduino, which it is clearly not, and that OnlyKey does not utilize hardware security, which it does - https://docs.crp.to/security.htm... > Btw, have you finally released the schematics of this so called 'open source' project, or are you still hiding behind "oh, it's not useful for you"? As already mentioned in the HN post, OnlyKey is open source, this is not to be confused with open hardware which it is not. Just wondering, what additional security would you expect from open hardware vs. open software with transparently designed hardware? From a threat modeling perspective, by being open hardware there is an additional threat model created where it is now easy for adversary to create identical clones of security key that can be used maliciously. Essentially, open hardware security devices may in many cased be less secure. > The code quality is also of a standard that... well, let's just say I don't know a single company or open source project that would ever accept some of this. Looking at your profile Kellen it looks like you are a video game developer, specializing in Go language. We are always happy to have our source reviewed, this is one of the great things about OnlyKey being an open source project you are free to do this. A game developer with no security credentials whatsoever providing security advice is pretty much the kind of thing you will find throughout the HN post, this is why it's a very unreliable source of information. When it comes to security questions, trust an expert, not the top post on a thread. For more information about CryptoTrust, the makers of OnlyKey you can find our team with internationally recognized security credentials here - https://crp.to/t/ For more info on OnlyKey: Get started - https://onlykey.io/start General documentation - https://docs.crp.to/ FAQs - https://docs.crp.to/faq.html Compare to Yubikey - https://crp.to/p/ Setup and User's Guide - https://docs.crp.to/usersguide.html Features - https://docs.crp.to/features.html Support - https://forum.onlykey.io/ List of supported services - https://onlykey.io/pages/works-w...
Share
Chris JohnsonSecurity Consultant
This is definitely the security key you want. I have been using my OnlyKey reliably for over 2 years after switching from Yubikey and have not looked back. I love the physical PIN security, unlike the other security keys out there this one is actually still secure if ever lost or stolen.
Share
Rodney GolpeRocket Loans Tech Team Leader
There are too many great features to list, but my current favorite is the ability to export an encrypted backup of your settings and accounts, and import to a new OnlyKey. I lost my OK in Vegas during AWS re:Invent. Thankfully, I had backed it up before leaving and bright a spare in my backpack! ZERO DOWNTIME.
Share
Hunting down comments...