Cheap FIDO2 USB

Last Modified: Mon, 17 Feb 2025 19:34:26 +0000 ; Created: Mon, 17 Feb 2025 19:34:26 +0000

I was looking for any way to have a FIDO2 USB security key that cost under $10. I found this project https://www.picokeys.com/pico-fido/ which seemed neat.

I tested it with a LilyGo T-Dongle S3 USB device (ESP32-S3) and flashed the firmware. It worked! I could set a PIN on the device and enroll the FIDO2 key. Pressing the button on the device worked to authorize the key to test WebAuthN sites.

Cons:

  1. One device with shipping costs $25. There is a direct from OEM version without a display for $11 (plus shipping/tax).
  2. It does not have a secure enclave for the secrets
  3. No NFC support
  4. Bluetooth existed but was not an option (no battery power)

Another Option

The project also supports the Raspberry Pico 2. I did not have one, but it appears to have Secure Boot and Secure Lock options.

Cons:

  • The secure enclave is not well vetted yet
  • Requires printing a case
  • OEM version comes with a micro-USB port so a cable would be required
  • No NFC support
  • Larger form factor

Cost:

Not including shipping + tax
$5 for Pico 2
$2 for a 3D printed case
$4 for a cable from micro-USB to lightning or USB-C or USB-A

Adding in shipping pushes over the $10 goal. Also the lack of NFC means more work to connect to tablets or phones.

Summary

For around $19 you can get a USB security key with NFC and a smaller footprint. The Pico Fido project is cool and might make a good HSM for local dev work, but for FIDO2 security keys using a commercial product (or your smartphone) is still cheaper. It'd be nice to see a USB+NFC key that only cost $5 since it can offer better security than smartphones. A $5 price point would make it economical to replace if lost (just like house keys).

Still going to keep looking for high security USB keys that cost little.