FIDO2
Security Keys Providers
- Yubico
- Nitrokey
- Thetis
- Onlykey
- Google Titan - Note: unavailable in most of the world
- Feitian
- ExcelSecu
- Token2
- Hypersecu
- Identiv
- Kensington
- GoTrust
Support Matrix
| Name | 2FA | Passkey |
|---|---|---|
| GitHub | Yes | Yes |
| Yes | Yes | |
| Gandi | Yes | No |
| Proton | Yes | No |
| Microsoft | Yes | Yes |
| DNSimple | Yes | No |
| Discord | Yes | No |
| GitLab | Yes | No |
| Forgejo | Yes | No |
| Sharkey | Yes | Yes |
| BitWarden | Yes | No |
| Mailcow | Yes | Yes |
Claims to support
- PayPal - As 2FA, could not test, nonworking implementation; passkeys supported but only with Android or iOS builtin
- Hetzner - As 2FA, only supports Yubikey TOTP
Setting up SSH with a FIDO key
Windows 11
Windows 11 ships with outdated software which means before all, you will need to install the latest version of Win32-OpenSSH which supports FIDO2 flows.
The rest is pretty easy:
- Generating the key:
ssh-keygen -t ed25519-sk -O residentand should output your new public key to~/.ssh/id_ed25519_sk.pub
Now trying to SSH into something should bring up a window asking you to touch your key to confirm the action.