Cryptnox, a FIDO Alliance member, develops and produces a range of smart cards for various applications such as FIDO2.
No specific FIDO2 software installation is required. Compatible browsers and operating systems include built-in support for FIDO2 devices. (All Cryptnox software is developed for other types of cards; do not try to use it with a FIDO2 SmartCard.)
To use a Cryptnox FIDO2 SmartCard as a security key with iPhones (as of iOS 16.3), you will need a minimum of two cards. Specific instructions for iPhone can be found in the official Apple documentation here.
You can purchase a Cryptnox FIDO2 SmartCard on Amazon or on the Cryptnox Shop.
FIDO2 is a protocol natively supported by most browsers that enables users to authenticate to online services with FIDO2-compatible devices, in both mobile and desktop environments.
The corresponding specifications are defined both by the World Wide Web Consortium (WebAuthn) and the FIDO Alliance (Client-to-Authenticator Protocol aka CTAP).
More info on FIDO2 can be found on the FIDO Alliance website here.
The Cryptnox FIDO2 SmartCard supports the FIDO2 protocol as well as its predecessor, U2F (FIDO Universal 2nd Factor).
It is FIDO2 Level 1 certified.
For mobile phones in general, the Cryptnox FIDO2 SmartCard supports NFC communication with NFC-enabled iPhone and Android devices. The FIDO2 NFC communication functionality is already built in; no software installation is required. It can be used as a security key with iPhones as of iOS 16.3 for Apple ID login. A minimum of two FIDO2 cards is required. The corresponding guide can be found here.
For website authentication on mobile phones (via NFC), major browsers are compatible on Android. On iOS, only Safari is compatible.
For website authentication on desktop/laptop (with a compatible card reader), the Cryptnox FIDO2 SmartCard is currently supported on Microsoft Windows with most browsers, such as Google Chrome, Mozilla Firefox and Microsoft Edge. On Apple macOS, only Safari is supported, on sites with a compatible implementation (compatibility is variable and must be tested on a case-by-case basis).
For desktop/laptop login, it is only compatible with Microsoft Windows with a 365 Business subscription. macOS is not yet supported. Microsoft Windows has the FIDO2 communication feature built in and does not require any software installation.
A compatible card reader for desktop/laptop must connect via USB. An NFC reader must be ISO 14443 compliant (13.56 MHz). A contact reader must be ISO 7816 compliant.
No software or driver installation is required. Compatibility is natively provided by the respective operating systems.
Updated since 10th of March 2024
As listed here in the Current Partners section, Cryptnox has been registered as a Microsoft-compatible FIDO2 security key vendor. There is no need to configure Azure Active Directory anymore.
Simply go to https://myprofile.microsoft.com, Security Info -> Add sign-in method. Choose Security Key and follow the instructions. You will then be able to use a Cryptnox Fido2 card to log into your Windows Microsoft account.
The Cryptnox FIDO2 SmartCard supports two-factor authentication (2FA) and passwordless authentication:
These possibilities depend on the website's FIDO2 implementation. The request to authenticate with your Cryptnox FIDO2 card is displayed as a pop-up notification with the “tap your security key on the reader” mention. See examples below.
With an NFC reader: simply remove and replace the Cryptnox FIDO2 SmartCard from the reader.
With Contact reader: while keeping the reader connected to the desktop/laptop via USB, remove and replace the Cryptnox FIDO2 SmartCard from the reader.
For testing, you can try registering and logging into the following “test” websites:
https://fido2-testing-tool.cryptnox.com or https://webauthn.io
Make sure your Cryptnox FIDO2 SmartCard is connected to the desktop with an NFC or contact reader.
If the box “Authenticator Type” appears, choose “Cross Platform” (If you choose “Platform” it will use your computer operating system to store the credentials).
Click Register and follow instructions. If asked to “tap your security key on the reader” with a contact reader, extract and reinsert the card in the reader while keeping the reader connected to the desktop.
Other demo sites: Webauthn.me
It is best to check whether your usual websites already support the FIDO2 security protocol. More and more sites support it every day. If they do, they generally have specific instructions.
A non-exhaustive list of sites accepting FIDO2 and/or U2F can be found on the Hideez site.
In Security Protocol, choose either U2F or Fido2/Webauthn.
Go to Manage Your Google Account and enable 2-step verification following the instructions on:
Enable 2-step verification for added account security
Then go to Manage Your Google Account -> Security -> 2-Step verification -> Security Keys
Then click on “Add security key” and follow the instructions on the screen.
You can manage the PIN or reset your Cryptnox FIDO2 card with a Windows desktop/laptop connected to a card reader. Go to Settings -> Accounts -> Sign In Options -> Security Key -> Manage
Follow the instructions and choose to manage the PIN or reset the card.
Resetting the card will return it to factory settings and delete all credentials.
In some rare cases, you are required to provide the AAGUID of the Cryptnox FIDO2 SmartCard:
9c835346-796b-4c27-8898-d6032f515cc5
FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments.
The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).
The Cryptnox FIDO2 SmartCard supports the FIDO2 protocol as well as its predecessor, U2F (FIDO Universal 2nd Factor). It is Level 1 certified.
The Cryptnox FIDO2 SmartCard supports NFC communication with NFC-enabled iPhone and Android devices. It can be used as a security key with iPhones as of iOS 16.3. The FIDO2 NFC communication functionality is already built in; no software installation is required.
For desktop/laptop, it is only compatible with Microsoft Windows for now. macOS is not yet supported (but will be soon). Microsoft Windows has the FIDO2 communication feature built in and does not require any software installation.
Desktop/laptop connection requires a USB NFC reader (ISO 14443 compliant, 13.56 MHz) or a USB contact smart card reader (ISO 7816 compliant).
FIDO2 is currently supported with most browsers, such as Google Chrome, Mozilla Firefox and Microsoft Edge. Apple Safari is only supported on iPhone with NFC communication enabled.
The Cryptnox Fido2 SmartCard supports two-factor authentication (2FA) and passwordless authentication:
These possibilities depend on the website's FIDO2 implementation.
If you are asked to “tap your security key on the reader”, as in any of these pop-up notifications:
With an NFC reader: simply remove and replace the Cryptnox Fido2 SmartCard from the reader
With Contact reader: while keeping the reader connected to the desktop/laptop via USB, remove and replace the Cryptnox Fido2 SmartCard from the reader
In some cases, you are required to provide the AAGUID of the Cryptnox FIDO2 SmartCard, which is:
9c835346-796b-4c27-8898-d6032f515cc5
It might be required in some cases, such as the Windows Hello login description below.
For testing, you can try registering and logging into the following “test” websites:
Or
Make sure your Cryptnox Fido2 SmartCard is connected to the desktop with an NFC or contact reader
In the box “Authenticator Type” choose “Cross Platform” (If you choose “TPM” it will use your computer TPM chip to store the credentials)
Click Register and follow instructions. If asked to “tap your security key on the reader” with a contact reader, extract and reinsert the card in the reader while keeping the reader connected to the desktop
Other demo sites:
Note: a Microsoft 365 Business Premium subscription is required. These steps are slightly more complex than with usual FIDO2 use cases, but not “that” complex either.
First you need to configure the FIDO2 security key restriction.
The configuration steps are pretty straightforward and can be achieved by enabling FIDO2 Security Keys authentication method, and adjusting the KEY RESTRICTION POLICY.
First go to https://portal.azure.com/ and click on Azure Active Directory.
Go to Security -> Authentication Methods -> Policies -> Fido2 Security Key
In Fido2 Security Key Settings -> ENABLE, select YES. Adjust the Target setting to All users or Selected users as required.
Then go into Configure and you can either select NO for Enforce Key Restriction, such as:
Or Enforce Key restriction and add the required AAGUID:
9c835346-796b-4c27-8898-d6032f515cc5
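What an enforced key restriction amounts to on the relying-party side, as an added example (not Cryptnox or Microsoft code): the AAGUID is read from the WebAuthn authenticator data sent at registration and compared with an allow-list. The function names, the relying party `example.org` and the sample data are assumptions constructed for illustration; the COSE public key that follows the credential ID in real data is omitted.

```python
import hashlib
import struct
import uuid

# AAGUID of the Cryptnox FIDO2 SmartCard, as quoted on this page.
ALLOWED_AAGUIDS = {uuid.UUID("9c835346-796b-4c27-8898-d6032f515cc5")}
FLAG_AT = 0x40  # flags bit: attested credential data (with AAGUID) is present


def normalize_aaguid(text):
    """Parse an AAGUID string, tolerating typographic dashes from copy/paste."""
    for dash in "\u2010\u2011\u2012\u2013\u2014":
        text = text.replace(dash, "-")
    return uuid.UUID(text.strip())


def extract_aaguid(auth_data):
    """Return the AAGUID from authenticator data, or None when it carries none."""
    # Layout: rpIdHash (32) | flags (1) | signCount (4) | aaguid (16) | idLen (2) | id
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    if not auth_data[32] & FLAG_AT:
        return None  # login (assertion) responses do not repeat the AAGUID
    if len(auth_data) < 55:
        raise ValueError("truncated attested credential data")
    aaguid = uuid.UUID(bytes=auth_data[37:53])
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credential ID runs past the end of the data")
    return aaguid


def key_allowed(auth_data, allowed=ALLOWED_AAGUIDS):
    """Key-restriction check: a registration must carry an allow-listed AAGUID."""
    aaguid = extract_aaguid(auth_data)
    return aaguid is not None and aaguid in allowed


def sample_auth_data(aaguid, flags=0x45):
    """Constructed authData for the hypothetical relying party 'example.org'."""
    head = hashlib.sha256(b"example.org").digest() + bytes([flags]) + struct.pack(">I", 0)
    if not flags & FLAG_AT:
        return head
    cred_id = bytes(range(16))  # constructed credential ID
    return head + aaguid.bytes + struct.pack(">H", len(cred_id)) + cred_id
```

The AAGUID is reported by the authenticator itself, so it supports a policy decision only once the attestation statement covering this data has been verified.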
Now that the card is authorized in your corresponding active directory settings, you need to register your Cryptnox Fido2 Smartcard in your account.
Go to https://myaccount.microsoft.com, Security Info -> Add sign-in method.
Choose Security Key and follow the instructions
© 2023 CRYPTNOX SA – 36 Avenue Cardinal Mermillod 1227 Geneva, Switzerland IDE : CHE-432.952.622