Hardware Partner: Feitian

FEITIAN Technologies is one of the leading supplier of smartcards and security keys. Together with the Hardware Security SDK, their newest hardware can be used to protect industrial systems at scale.

Hardware Partner: SoloKeys

We partnered with SoloKeys to provide full passwordless authentication for industrial systems using FIDO2. But what does this mean for security?

SDK provides WebAuthn for Nextcloud

To provide a passwordless experience on Android, we teamed up with Portknox and Nextcloud's Android developers and integrated our SDK in Nextcloud's Android app 3.14.0.

PIN Bypass in Passwordless WebAuthn on and Nextcloud

We were able to bypass the PIN authentication when logging into This breakes the assumption of requiring two factors and allows an attacker to log into the victim's account by using only the security key. If the security key supports NFC, the attacker could sneak up on the victim and log in without getting noticed.

Version 4 with WebAuthn/FIDO2 Support

Hardware Security SDK version 4.0.0 has been released. It supports the WebAuthn standard, which is part of the FIDO2 set of standards. Finally, we bring passwordless WebAuthn logins to Android working with security keys and smartcards over NFC and USB.