Sorry, this offer has expired. Set up a deal alert and get notified of future deals like this. Add a Deal Alert

Expired Hot Deals

Sorry, this offer has expired.
Set up a deal alert and get notified of future deals like this.
Set up a Deal Alert
Amazon.ca

Feitian ePass K9 - Multi-Factor Authentication USB-A Security Key with NFC FIDO U2F FIDO2 - $12.99

  • Last Updated:
  • Aug 9th, 2021 12:32 pm
Deal Addict
Dec 24, 2008
3941 posts
1389 upvotes
Belle River
TheCaffeinatedSloth wrote: That is why in this thread you see a lot of people mentioning to get 2! Most services that accept hardware MFA allow you to add multiple devices for this very reason. Unfortunately not all do, which can cause problems, namely AWS.
I wasn't really thinking of the device failing, more just something going wrong in general that prevents it from working, maybe the device or maybe not, in which case the backup doesn't save you. So say we use text messaging for 2FA as an example, your phone could die, or just screwup in such a way that you cannot get texts, how likely is that? Something could go wrong with the phone network that prevents that text message from arriving, how likely is that? And so on.

How reliable is this?
Penalty Box
User avatar
Jun 23, 2014
1678 posts
1015 upvotes
Vancouver, BC
How comfortable are you relying on a Chinese corporation for privacy/security?
Sr. Member
Oct 21, 2015
573 posts
761 upvotes
Toronto, ON
nnlnn2 wrote: a physical key for your device?
I think my password/fingerprint will do
My heitai collection needs to be encrypted!
[OP]
Jr. Member
May 15, 2015
123 posts
204 upvotes
Guelph, ON
sparkaction wrote: I would add: Know your threat profile. Don’t keep stuff in a safe place only to lose access to it. SMS is generally good enough for most. If you know a friend that had their SMS 2FA compromised then OK you are in a unique high risk group and may need enhanced security measures.
Agreed, know your threat profile and understand what personal assets are being protected by your SMS or Email address. In my opinion SMS is not sufficient to secure financial assets. For those interested CBC was able to use social engineering to take over a Rogers account. Here's an example from a fellow RFD'er who had their rogers account hijacked: https://forums.redflagdeals.com/got-my-sim-hijacked-last-night-rogers-2344557/
[OP]
Jr. Member
May 15, 2015
123 posts
204 upvotes
Guelph, ON
Sievert wrote: How comfortable are you relying on a Chinese corporation for privacy/security?
These devices have been scrutinized by many security companies / white hat hackers and this is the worst I could find:
https://arstechnica.com/information-technology/2021/01/hackers-can-clone-google-titan-2fa-keys-using-a-side-channel-in-nxp-chips/


"There are some steep hurdles to clear for an attack to be successful. A hacker would first have to steal a target’s account password and also gain covert possession of the physical key for as many as 10 hours. The cloning also requires up to $12,000 worth of equipment and custom software, plus an advanced background in electrical engineering and cryptography. That means the key cloning—were it ever to happen in the wild—would likely be done only by a nation-state pursuing its highest-value targets."

Good enough for me.
Deal Guru
User avatar
Sep 21, 2005
13346 posts
12118 upvotes
How reliable it the USB connection without the outer metal shell to hold contacts against the contacts on your device's USB port?
Have too many phones... This is how I limit my monthly phone payment.
Public Mobile $34 15GB, $11 250MB, 2x $5 50min/50text, Zoomer $36 7GB plan,
Fido $5 4GB plan with a free tablet, $0 FPL home phone.
Sr. Member
User avatar
Sep 4, 2008
891 posts
330 upvotes
New Westminster
CheapNFrugal wrote: Agreed, know your threat profile and understand what personal assets are being protected by your SMS or Email address. In my opinion SMS is not sufficient to secure financial assets. For those interested CBC was able to use social engineering to take over a Rogers account. Here's an example from a fellow RFD'er who had their rogers account hijacked: https://forums.redflagdeals.com/got-my-sim-hijacked-last-night-rogers-2344557/
thanks for sharing. would a 2FA app (authenticator) on one's cellphone be better than SMS verification? i typically have both setup anyways
Member
Apr 4, 2021
229 posts
436 upvotes
Victoria, BC
texasbruce wrote: Is this compatible with 1password?
i use the Google Titan key with 1Password and Feitan makes the Google Titan key. i would guess that this key is the same as the Titan.
embguy wrote: How reliable it the USB connection without the outer metal shell to hold contacts against the contacts on your device's USB port?
it's fine. the key is only inserted to authenticate and then you can remove it.
brclho wrote: thanks for sharing. would a 2FA app (authenticator) on one's cellphone be better than SMS verification? i typically have both setup anyways
if you have both set up, then you are vulnerable to the SMS attack. the authenticator is safer unless the attacker gets hold of your device with the authenticator, e.g. your phone.
Sr. Member
Nov 9, 2014
771 posts
777 upvotes
Ottawa, ON
If you buy multiples of these for redundancy/backup do they link in some way or do you register them all as separate devices on an account? Do services support that kind of thing?
Deal Addict
User avatar
Mar 13, 2008
3738 posts
5132 upvotes
Oakville
nnlnn2 wrote: a physical key for your device?
I think my password/fingerprint will do
LoL you either know or you don't.

If you don't understand the use case for this, you're taking some big risks with your data.

Authenticator Apps alone are not enough.
-ZdpZ... ;)
Deal Addict
Nov 21, 2014
2917 posts
4995 upvotes
Atlantic
Can attest.....Yubikey + Bitwarden = solid

Been using it for last 2-3 years.
Jr. Member
Sep 18, 2020
197 posts
426 upvotes
Ordered a Yubikey 5 NFC on Amazon a few days ago. Had a $7 clipped coupon that brought the price to $50 + tax. Gonna buy two of these Feitan ePass K9 and see if it will work just as well for me.

Plan to use Bitwarden on premium plan, since it's only $10 a year.
Member
User avatar
Jan 7, 2007
267 posts
472 upvotes
Ottawa
This is more secure than SMS or voice message - SS7 + Sim takeover all too easy.
Authenticator (MS, Google, ...?) also good.
You do need two keys in case you lose one. You can add both to those accounts that take them - eg Google.
FIDO2 compatible with windows signon - https://docs.microsoft.com/en-us/azure/ ... urity-keys

Security: Best to have 2+ of: Something you know, Something you have, Something you are.
Member
Apr 4, 2021
229 posts
436 upvotes
Victoria, BC
redmondflagger wrote: If you buy multiples of these for redundancy/backup do they link in some way or do you register them all as separate devices on an account? Do services support that kind of thing?
in general, yes, you can register more than one key or type of second factor authentication and you can register a specific key on multiple accounts.
for example, my key can authenticate me to get into my account and it can authenticate my wife to get into her account as a backup. Her key can be used to get into her own account and can also be used for me to get into my account as a backup.
Newbie
Dec 8, 2013
45 posts
8 upvotes
Surrey
When it comes to security I don't mess around. Just spend the extra 30-40 bucks and get a yubikey. Binance supports em too.
Deal Addict
User avatar
Oct 27, 2006
2314 posts
1018 upvotes
Toronto
nnlnn2 wrote: a physical key for your device?
I think my password/fingerprint will do
it's clear that you don't care and/or know much about cybersecurity :)
read through this thread, 98% of each poster is talking about the usefulness of these keys
If you're seeing this message, it means I cared enough to downvote or felt the need to upvote. Either way you get a👎/ 👍 so be grateful that your thread is being bumped
[OP]
Jr. Member
May 15, 2015
123 posts
204 upvotes
Guelph, ON
brclho wrote: thanks for sharing. would a 2FA app (authenticator) on one's cellphone be better than SMS verification? i typically have both setup anyways
In my opinion yes, an authenticator app on your phone is better than using SMS in terms of security, but you have to be careful when upgrading your phone that you don't accidently lock yourself out when you get a new phone.
Sr. Member
User avatar
Jun 6, 2013
844 posts
1207 upvotes
TO / Van
I would just buy a yubikey if you were already going to these lengths for security

Top