Expired Hot Deals

Amazon.ca

Feitian ePass K9 - Multi-Factor Authentication USB-A Security Key with NFC FIDO U2F FIDO2 - $12.99

  • Last Updated:
  • Aug 9th, 2021 12:32 pm
[OP]
Jr. Member
May 15, 2015
108 posts
182 upvotes
Guelph, ON

[Amazon.ca] Feitian ePass K9 - Multi-Factor Authentication USB-A Security Key with NFC FIDO U2F FIDO2 - $12.99

These look to be a great price, just ordered 4 of them for my family. I've been using Google's version of these keys (Titan) for a while now and are quite happy with how they've been working for me. Certainly they're much more cost effective.
53 replies
Member
Mar 22, 2021
246 posts
614 upvotes
a physical key for your device?
I think my password/fingerprint will do
Deal Expert
User avatar
May 22, 2005
20743 posts
6214 upvotes
GTA
nnlnn2 wrote: a physical key for your device?
I think my password/fingerprint will do
Might be true, but for some people, its better to be safe then sorry.

I've been looking at YubiKey's for a while, I'll have to do more research on this one.
Deal Addict
Oct 14, 2017
1593 posts
2381 upvotes
Kingston
How does this compare to the Google Titan?
Deal Addict
Feb 14, 2006
1364 posts
2070 upvotes
Hammonds
coriolis wrote: Might be true, but for some people, its better to be safe then sorry.

I've been looking at YubiKey's for a while, I'll have to do more research on this one.
I will vouch for yubikey. Support is the huge benefit. If you know you'll use the exact supported tech, go for this. I mean exact like interfaces ,phone & os compatibility, key stores/crypto like fido u2f etc. Dont rely on future promises for external software. IMO avoid any that claim they are upgradable. Security updates should be through device replacement to ensure no tampering with anything ever, so ensure you have what you need when you invest. Buy min 2 and keep one safe to recover with.
Member
Dec 2, 2019
298 posts
682 upvotes
xtrmDeals wrote: How does this compare to the Google Titan?
I have Titan Key and so far, I am very happy with it. No issues.
Deal Addict
Oct 14, 2017
1593 posts
2381 upvotes
Kingston
SindbadRFD wrote: IMO, I would trust Google's Titan Security Key over this (even though that is bit more expensive).
https://store.google.com/ca/product/tit ... y?hl=en-GB
SindbadRFD wrote: I have Titan Key and so far, I am very happy with it. No issues.
Can someone tell me the difference between the two? I'm hearing that the Titan is wireless whereas this one requires to be physically inserted?

Feel free to redirect me to a YouTube video that you think will help answer my questions.
Member
Dec 2, 2019
298 posts
682 upvotes
xtrmDeals wrote:
Can someone tell me the difference between the two? I'm hearing that the Titan is wireless whereas this one requires to be physically inserted?

Feel free to redirect me to a YouTube video that you think will help answer my questions.
You can find more information on the Google's product page itself. They give multiple keys in the product for various type of connectivity/backup.

https://store.google.com/ca/product/tit ... y?hl=en-GB

Looks like the current version has an additional USB-type C key in it (I have an older version which only came with 2 keys in it).
I never bothered to look at YouTube for this. Please do some search yourself for what you are looking.
[OP]
Jr. Member
May 15, 2015
108 posts
182 upvotes
Guelph, ON
It's been mentioned by others but I want to highlight these points:
  • Buy two keys, one to carry, one to keep in a safe place. This protects you if you lose the one you carry around. You lose your hardware key you could permanently lose access to whatever you protected
  • In my opinion fingerprints are not a good factor for security, they can be copied (even from photographs)
  • 2FA via phone (SMS) is not very secure, you have to rely on the security of your telco service provider (Rogers/Bell/Telus...etc) so easy to take over a target's phone number
Deal Addict
Dec 26, 2010
1088 posts
778 upvotes
Calgary
https://2fa.directory is a good resource to see what websites support two-step verification as well as hardware keys.
Tip 1: Anybody can mark a deal as expired on the web. Instructions
Tip 2: You can search Google for "item name site:forums.redflagdeals.com" to find old/relevant threads. Instructions
Deal Addict
Feb 22, 2013
1322 posts
1287 upvotes
CheapNFrugal wrote: It's been mentioned by others but I want to highlight these points:
  • Buy two keys, one to carry, one to keep in a safe place. This protects you if you lose the one you carry around. You lose your hardware key you could permanently lose access to whatever you protected
  • In my opinion fingerprints are not a good factor for security, they can be copied (even from photographs)
  • 2FA via phone (SMS) is not very secure, you have to rely on the security of your telco service provider (Rogers/Bell/Telus...etc) so easy to take over a target's phone number
I would add: Know your threat profile. Don’t keep stuff in a safe place only to lose access to it. SMS is generally good enough for most. If you know a friend that had their SMS 2FA compromised then OK you are in a unique high risk group and may need enhanced security measures.
Deal Addict
Dec 24, 2008
3927 posts
1382 upvotes
Belle River
I'm imagining one day you put this thing in and suddenly for some reason it doesn't want to work, frustration, anger, what the hell do I do now... and so on, know what I mean? Am I right to worry about that or are these things super duper reliable?
Sr. Member
Oct 18, 2017
656 posts
1267 upvotes
New Brunswick
hystavito wrote: I'm imagining one day you put this thing in and suddenly for some reason it doesn't want to work, frustration, anger, what the hell do I do now... and so on, know what I mean? Am I right to worry about that or are these things super duper reliable?
That is why in this thread you see a lot of people mentioning to get 2! Most services that accept hardware MFA allow you to add multiple devices for this very reason. Unfortunately not all do, which can cause problems, namely AWS.
Sr. Member
User avatar
Jan 19, 2007
724 posts
320 upvotes
Toronto
Have had 2x yubikeys for the last few years. One of them lives on my keychain and that obviously goes anywhere and everywhere with me. Still works great. The biggest thing to lock down in my opinion is your email. Because typically all your password resets and registrations go to your email. Oh yeah, and your password manager if its not offline only.
Sr. Member
User avatar
Feb 2, 2015
792 posts
348 upvotes
Used Yubikey for over 5 years and enabled 2FA to in any website I could use it and found it is pretty good from a security perspective.

The only thing I don't like is Yubikey doesn't allow key "migration" or "backup", i.e., you can't just move all the settings from one Yubikey to another. Understood this is to make sure the keys are more secure, but would be a huge PITA when i need to replace keys.

However have to say these keys are physically quite strong though, even though they look like made of plastics (other than the NFC part), I have it on my keychain and I have sat on my keys more than once (I am over 200lbs) and even broke a USB drive on my keychain once, but somehow the Yubikey is still working well today.

Not sure about this Feitian key though, but I think durability is important given you can't migrate keys so best to buy from bigger brand (I have nothing against Chinese products, in fact even got a few warnings when people are making things up in the Huawei threads...)
Sr. Member
User avatar
Feb 2, 2015
792 posts
348 upvotes
no8t4 wrote: Have had 2x yubikeys for the last few years. One of them lives on my keychain and that obviously goes anywhere and everywhere with me. Still works great. The biggest thing to lock down in my opinion is your email. Because typically all your password resets and registrations go to your email. Oh yeah, and your password manager if its not offline only.
So basically every place you enrol 2FA you do it twice, one on each key?
[OP]
Jr. Member
May 15, 2015
108 posts
182 upvotes
Guelph, ON
TheCaffeinatedSloth wrote: That is why in this thread you see a lot of people mentioning to get 2! Most services that accept hardware MFA allow you to add multiple devices for this very reason. Unfortunately not all do, which can cause problems, namely AWS.
Does AWS allow you to use email as a 2nd factor? Right or wrong, here's my strategy. I use these hardware keys to secure my Gmail account making it very secure. Then for other online accounts I create, I'll use Gmail as my 2nd factor. This lets me protect accounts that may not natively support these hardware keys. I just wish my telco would let me secure my phone account with hardware keys because a lot of accounts (including banks) only let you use SMS as a 2nd factor.

Top