|One Time Passwords (OTP)||Universal 2nd Factor (U2F)|
|Feitian Technologes iePass FIDO|
|Titan Security Key|
TrustKey is a Korean based hardware authentication company. TrustKeys are also the world’s first authentication device to receive FIDO2 Level 2 security certifications from the FIDO Alliance.
TrustKeys utilize an eWBM’s MS500 microprocessor with strong security features, such as built in storage to encrypt fingerprint data used to authenticate the device.
TrustKey is also compatible out of the box with Microsoft Azure AD.
The iePass dongle is an MFi & FIDO2 certified Security Key that is compatible for both USB-C and Apple lightning connections.
This allows the iePass to stand out among its competitors since it’s port fits most devices.
iePass FIDO utilizes a CC EAL6+ Certified secure element which stores all credentials securely inside, preventing an attacker from stealing the credentials either through cyber or physical attack.
Hypersecu is a Canadian IT security company based in Richmond, British Columbia.
Their advanced HyperFIDO Pro product is RSA ready and compatible with Microsoft Azure AD.
Ledger is a hardware wallet device normally used to store cryptocurrencies like Bitcoin.
However, Ledger has recently allowed users to store other forms of sensitive data on their devices’ secure element. These include passwords and credentials.
This means that the Ledger can make an awesome dongle authenticator. However, we wouldn’t recommend you use the device to store crypto AND passwords. Get a second Ledger if you want to do both.
NitroKey is a Berlin, Germany based IT security hardware company.
With the exception of Yubiko’s Yubikey, NitroKey is probably the most famous hardware authentication product on the market and has out-of-the-box integrations for all the most popular platforms and software.
OnlyKey makes its name by trying to improve on the very famous Yubikey in just about every way.
It can store up to 24 site passwords, usernames, and OTP accounts. It can function as a hardware auth key and supports OTP2 authentication. And, it also offers a device PIN, which means if someone steals your OnlyKey, they won’t be able to use it to attack your accounts without knowing the PIN.
The firmware is also completely upgradeable, as opposed to having to replace the hardware when new firmware is released and all software is completely open source.
Solokeys feature many different versions to fit any port you need, and some even feature NFC chips for wireless authorization.
Solokeys operate on the FIDO2 standard, which means you are getting the most up-to-date encryption methods for your auths on the market.
It also features a TRNG (True Random Number Generator) on its chip to make sure keys are actually randomly generated. The keys themselves are generated off-chip and stored in write-only memory, which means they cannot be read except by the off-chip peripheral itself, protecting them from leaking.
Finally, the chip features temperature and voltage sensors to make sure that if any physical tampering occurs, the contents of the chip are deleted.
They are also priced very nicely and have lots of great documentation to help you get your new set up sorted quickly.
The Titan Security Key is a hardware authentication device manufactured by Google.
What makes the Titan unique is that they utilize a hardware chip with special firmware developed by Google make sure keys have not been tampered with. This includes physical attacks on the hardware so that someone who finds your Nitrokey can’t extract the keys by hand.
As with all google products, the build quality is good and you know you are dealing with a very public, reputable company, but google does not have the best privacy history, so keep that in mind as well.
Like Ledger, Trezor is mostly known for being a cryptocurrency hardware wallet.
This is a good thing, because hardware wallet manufacturers are typically the best manufacturers there are when it comes to storing valuable digital secrets on hardware.
However, unlike Ledger, Trezor has very easy-to-use software if you want to use their device as a hardware two-factor.
That said, Trezor does not feature a secure element, which means the device is vulnerable to physical attacks.
Yubikey is perhaps the most well-known OTP and FIDO hardware authentication device on the market.
You might even say they invented the category (or at least popularized it).
Yubikey features many different products with varying levels of security and connection types (UBC-A, USB-C, lightning, etc.). Whether you are just using it to protect your social media accounts or securing access to nuclear launch codes, yubikey probably has a device for your needs, and they have a great track record for security.