passkey doc start #374
+164
−1
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| Examples | ||
| ======== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| Nitrokey Passkey FAQ | ||
| ==================== | ||
|
|
||
| **Q:** Which Operating Systems are supported? | ||
| Windows, Linux, and Mac OS X. Also some support (FIDO2) for Android. | ||
|
|
||
|
|
||
| **Q:** What can I use the Nitrokey for? | ||
| Second or first factor authentication for services which support Webauthn/Passkey/FIDO2/FIDO U2F. | ||
|
|
||
| **Q:** What happens if I lose my Nitrokey Passkey device? | ||
| When securing accounts using FIDO (two-factor authentication and | ||
| passwordless login), you should configure another factor in your account as | ||
| a backup. Depending on the service this backup factor can be a phone number, | ||
| an app or even a second Nitrokey FIDO2. If you lose a Nitrokey Passkey, you | ||
|
|
||
| can still log in with the second Nitrokey FIDO2 (or with another second | ||
|
|
||
| factor). | ||
|
|
||
| **Q:** How large is the storage capacity? | ||
| The Nitrokey FIDO2 doesn't contain storage capability for ordinary data (it can | ||
|
|
||
| only store cryptographic keys and certificates). It can hold over 100 Passkeys/FIDO2 keys. | ||
|
There was a problem hiding this comment. no certificates. Is the number really correct? |
||
|
|
||
| **Q:** How to use Nitrokey Passkey with Azure Entra ID (Active Directory)? | ||
| After `disabling Enforce Attestation`_ Nitrokey Passkey is supported by Azure Entra ID out of the box. | ||
|
|
||
|
|
||
| .. include:: ../../shared-faqs/hyperlinks.rst.inc | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| Getting Started | ||
| =============== | ||
|
|
||
| Hardware | ||
| -------- | ||
|
|
||
| TODO Image with focus on touch button | ||
|
|
||
| First steps | ||
| ----------- | ||
| The Nitrokey Passkey supports two-factor authentication (2FA) and | ||
| passwordless authentication: | ||
|
|
||
| - With **passwordless authentication**, entering a password is replaced | ||
| by logging in with the Nitrokey FIDO2 and a PIN. | ||
|
|
||
| - With **two-factor authentication** (2FA), the Nitrokey FIDO2 is | ||
| checked in addition to the password. | ||
|
|
||
| The Nitrokey Passkey can be used with any current browser. | ||
|
|
||
| .. important:: | ||
|
|
||
| The Nitrokey App can not be used for the Nitrokey Passkey. | ||
|
|
||
|
|
||
| Passwordless Authentication | ||
| --------------------------- | ||
|
|
||
| 1. Open a web page that supports FIDO2 (for example | ||
| `Google <https://myaccount.google.com/>`__). | ||
| 2. Log in to the website and go to “Passkeys and security keys” in the security | ||
| settings of your account. | ||
| 3. Click on Create passkey. | ||
| 4. Click on Use a different device. | ||
| 5. Follow the prompts to set a PIN for your Nitrokey Passkey. | ||
| 6. Touch the button of your Nitrokey Passkey when prompted. | ||
| 7. Once you have successfully configured the device, you will need to | ||
| activate your Nitrokey Passkey this way each time you log in, after | ||
| entering your PIN. | ||
|
|
||
| Two-Factor Authentication (2FA) | ||
| ------------------------------- | ||
|
|
||
| 1. Open one of the `websites that support FIDO | ||
| U2F <https://www.dongleauth.com/>`__. | ||
| 2. Log in to the website and enable two-factor authentication in your | ||
| account settings. (In most cases you will find a link to the | ||
| documentation of the supported web service at | ||
| `dongleauth.com <https://www.dongleauth.com/>`__) | ||
| 3. Register your Nitrokey Passkey in the account settings by touching the | ||
| button to activate the Nitrokey Passkey. After you have successfully | ||
| configured the device, you must activate the Nitrokey Passkey this way | ||
| each time you log in. | ||
|
|
||
| You are now ready to go. | ||
|
|
||
| Touch Button And LED Behavior | ||
| ----------------------------- | ||
|
|
||
| The first FIDO operation is automatically accepted within two seconds | ||
| after connecting Nitrokey Passkey. In this case touching the touch button | ||
| is not required. | ||
|
|
||
| Multiple operations can be accepted by a single touch. For this, keep | ||
| the touch button touched for up to 10 seconds. | ||
|
|
||
|
|
||
| +------------------+-----------------------------+------------+ | ||
| | LED Color | Event | Comments | | ||
|
There was a problem hiding this comment. See my changes related to such table in the other PR. Remove empty column. |
||
| +==================+=============================+============+ | ||
| | White (blinking) | waiting for touch event | | | ||
| +------------------+-----------------------------+------------+ | ||
| | Teal (constant) | processing | | | ||
| +------------------+-----------------------------+------------+ | ||
| | Red (Constant) | Crash | | | ||
| +------------------+-----------------------------+------------+ | ||
|
|
||
|
|
||
|
|
||
| Troubleshooting (Linux) | ||
| ----------------------- | ||
|
|
||
| If the Nitrokey is not detected, proceed the following: | ||
|
|
||
| 1. Copy this file | ||
| `41-nitrokey.rules <https://www.nitrokey.com/sites/default/files/41-nitrokey.rules>`__ | ||
| to ``/etc/udev/rules.d/``. In very rare cases, the system will need | ||
| the `older | ||
| version <https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey_old.rules>`__ | ||
| of this file. | ||
| 2. Restart udev via ``sudo service udev restart`` or ``udevadm control --reload-rules && udevadm trigger`` if you are using Fedora. | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| Reset and Recovery | ||
| ================== |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"macOS"