OnlyKey explained

OnlyKey is a multi-function hardware security key combining features of a password manager, two-factor authentication (2FA) token, file encryption token, and secure storage device. The device incorporates hardware storage for password and username combinations, while also acting as a portable password manager.^[1]

Overview

OnlyKey is notable for its physical keypad, which allows users to enter a PIN code directly on the device.^[2] After 10 failed attempts to unlock, all data is erased. The device also features a data-destruction code that the user can key in.^[3] The device can store passwords, usernames, URLs, and one-time password (OTP) accounts, which can be used for online/offline access.

Features

• Password management: OnlyKey can store and manage up to 24 passwords, usernames, URLs, and one-time password (OTP) accounts on the device itself.
• Two-factor authentication (2FA): OnlyKey supports various 2FA protocols including FIDO2 WebAuthn, FIDO U2F, TOTP, Yubico OTP, and Challenge-response.^{[4] [5]} When logging in to a configured website or service, besides entering the username and password, the user also physically confirms the login attempt by pressing a button.
• Security and Durability: OnlyKey is open source and has upgradable firmware.
• Set up Apps: The device can be used via a cross-platform desktop app, as well as other desktop apps on macOS, Windows, and Linux (.deb)^[6]

Disadvantages

• Cost: Compared to software-based password managers, OnlyKey requires an upfront purchase for the hardware device itself.
• Learning Curve: Setting up and using OnlyKey may require familiarization with its features and functionalities compared to typical password management solutions. Complex setup process compared to security keys like YubiKey.
• Physical Loss: Losing the OnlyKey device can potentially lock the user out of their accounts if no backup is created. Unlike other security keys, OnlyKey has a secure backup feature to solve this issue.
• Limited OTP Functionality: The absence of both an on-board clock and non-volatile memory necessitates the OnlyKey App to be running for Time-based One-Time Password (TOTP) generation. Although there are some exceptions when the hardware key is continuously powered.

Notes and References

1. Web site: W. . Tyler . OnlyKey is not the Only Key . Cyberwise . 2021-07-25 . 2024-04-03 . https://web.archive.org/web/20231208114720/https://www.cyberwise.tech/media/onlykey-is-not-the-only-key . 2023-12-08 . live.
2. Web site: Wazir . Saeed . 2023-12-18 . Best security keys: Secure your laptops, smartphones and apps from hackers . live . https://web.archive.org/web/20240329203318/https://www.pocket-lint.com/best-security-key/ . 2024-03-29 . 2024-04-03 . Pocket-lint.
3. Web site: Kingsley-Hughes . Adrian . OnlyKey: The ultimate security key for professionals . ZDNET . 2021-02-10 . 2024-04-03. https://web.archive.org/web/20240324022732/https://www.zdnet.com/article/onlykey-the-ultimate-security-key-for-professionals/ . 2024-03-24 . live.
4. Web site: Blog: OnlyKey Thoughts . It's Chris Approved . 2024-04-03 . https://web.archive.org/web/20230628000053/https://www.chrisapproved.com/blog/onlykey_thoughts.html . 2023-06-28 . live.
5. Web site: Loeffler . John . The best security key in 2024: hardware keys for top online protection . TechRadar . 2023-01-13 . 2024-04-03. https://web.archive.org/web/20240329080816/https://www.techradar.com/best/best-security-key . 2024-03-29 . live.
6. Web site: Mens . Jan-Piet . Testing an OnlyKey hardware password manager . Jan-Piet Mens . 2019-08-26 . 2024-04-03 . https://web.archive.org/web/20230925140453/https://jpmens.net/2019/08/26/testing-an-onlykey-hardware-password-manager/ . 2023-09-25 . live.