Two-factor security is a basic requirement these days if you want to take your digital responsibilities seriously, but some hardware lacks the sort of public documentation that some privacy advocates feel is truly necessary to provide ideal security. Open source enthusiasts will be glad to hear that Google has just announced the release of OpenSK, an open-source implementation for security keys, supporting both FIDO U2F and FIDO2.

This isn’t the sort of thing most of our readers will be able to appreciate immediately, you can’t zip out and buy a product running Google’s OpenSK just yet. This early, explicitly experimental release is only compatible with a single piece of reference hardware right now: the Nordic chip dongle (for which the project supplies a 3d-printable case). But with this working software platform and reference hardware, Google and participating developers/security researchers may be able to build something new with the benefits of open-source security.

A quick demonstration of OpenSK working on a Nordic chip dongle as a security key.

Rust evangelicals — who frequently champion its memory safety/security — will be glad to hear that a good chunk of OpenSK is written in the language, running on top of TockOS. Those interested in learning more can dive right into the GitHub repository and see how it all works.

https://www.androidpolice.com/2020/01/30/google-releases-open-source-2fa-security-key-platform/

Leave a Reply