 Eye on MPI. Eye on MPI, brought to you by Adafruit and DigiKeyLated. What is Eye on MPI this week? This week's Eye on MPI is from Thendtrend and it's a USB security dongle that's 502 compatible. And folks who remember the series that I did on IoT security, one of the things that I really talked about was that you really want to have, you really don't want to roll your own like security management for keys, you don't want to store them, you don't want to come up with your own encryption authentication system. Another thing is you really can't trust your microcomputer or microcontroller cryptographic storage internally, like all we hear all the time, you know, whether it's online or at like, you know, Hope or other HackerCon or DefCon or whatever or CCC is people cracking microcontrollers and getting keys out of them, secure keys. And so, you know, nothing is ever fully 100% secure, but a lot of times you can kind of outsource your security to a very specialized piece of hardware. I personally think that's the way to go rather than trying to like hide the XOR keys inside your flash memory and then encrypting it because all I've seen is that that doesn't quite work. So what I like about this is that this company makes like a couple pieces of hardware and it's like the one thing they do and the other design for security. And what's neat about these is you can use them in your project. So this, there's four models, but this is the one I'll talk about. This is a fingerprint sensor enabled 502 USB key. So it's a USB-A key. There's also a USB-C version. And there's also, I'll show you, there's a card version with BLE and NFC in it. There's a button because sometimes you need a little button to like activate, but there's also a fingerprint sensor on the end and you can program your fingertip on it. It doesn't take the whole fingertip, obviously, just like the middle part, but you can use that as part of your authentication. So what's neat is I was able to use this with Windows. I didn't get the one that's Windows Hello friendly. There's actually one that's specifically for Windows Hello. I got like the 502 one. But I said, okay, I wanted to add a security key, plug into USB. And then you have to touch the fingerprint sensor. And if you have a phone with a fingerprint sensor, you know like you touch it multiple times and multiple angles. And then the little fingerprint kind of fills up and then it's like, okay, great. It's all set and then now you can add a pin code if you want to have another thing for identification, but pretty much the hardware now knows your fingerprint and will use that for authentication. You can also use it to like test your, you can touch it to authenticate to make sure it's you. So that's good. And you also tried it with WebAuthn, which is your Google account, for example. You know, I have two factor on my Google account. So I made another Google account to test this with. But instead of using Google Authenticator app or Authy or SMS, you can actually use one of these dongles in your computer and with the fingerprint sensor as well. So in your Google account, turn on two factor. And then it'll, you know, it works with the windows. Whoops, I'm sorry. It works with your Windows security setup. It, you know, knows about the key. You touch the key and it matches your fingerprint and then you can add it. And then whenever you have to two factor in, you can use, you can have multiples. You can have either the key or you can have it also like send your text message or whatever. But I like this because it's like a physical thing. And so it kind of hits that like, you know, you want something you know, which is a password and a username, something you have, which is the key and something you are, which is the fingerprint sensor. So it's really protected against theft because like you need to steal a lot to get this. So it's like very high end security, like military level security, but it's like 40 bucks. And it works with a lot of things. And then this is what it looks like after it's set up. And, oh, this is when I, you know, logged in and it's like, okay, making sure it's you. And then it's like, boom, you're set. So what's nice about this also is it uses the Fido 2 specifications. So this was a consortium of companies, you know, Google was part of it. And I think Ubiqui also and a couple other companies, and they sort of came up with an open standard for how the Fido and U2F USB keys and NFC and BLE interface work so that all the hardware kind of interworks with each other, but also all these companies agree that this is all a secure system. And so it's, I like that it's kind of an open standard. You don't even have to log in to download the specifications, looking at you, BLE Bluetooth consortium for making you have an account. You don't, you just download them and implement and integrate this security into your product. So, you know, you may not want this for logging into Windows or Google, but you may be making a hardware product that needs really good biometric authentication. And, you know, we sell fingerprint sensors and everything, but you don't, they can't store private keys. You can't use them as part of a challenge response system to secure the account, to authenticate the account like securely. Instead, I would tell people, use this. This is designed for it. And because it's USB, you can plug it into any single board computer. And you probably could even port it to a mic controller with it with a USB host because it's not that complicated. If you want to interface with it, you know, and you're not using web authentication, I actually downloaded, you know, in like five minutes, I got this going. I downloaded Python 502, which is by Ubiqui, who is part of the consortium. I pip-installed it, and then I ran Get Info, and it was like, yep, I identified the FIDO key that's plugged into your USB. And then there is a demo called, like, you know, Authenticate, and it worked, like, you know, it was like plug it in and you touch it, and it will only print out the authentication data if you touch it correctly with the correct finger and have the right dongle plugged in. And so this looks like it would be a very easy way to integrate into your existing product, and it's like, it's okay that it's all in Python because the challenge and response stuff, it can be clear text, and it doesn't matter because it's, you know, end-to-end authenticated from the host, which has, you know, the matching, like, challenge response, like, you know, private key information, and the device. So you know that it's secure without having to worry about, like, dealing with all of that management yourself. It's all kind of abstracted out by the FIDO2 interface, which I like. And, you know, I think that this is a future. I think, like, passwords are over. We're getting close to the point where, you know, people use their phones or their watches or USB dongles as a way of authenticating. And, you know, personally, I think, like, we should probably not have passwords. Like, we're not, it didn't really work out. A little bit like tool chains. Like, I'm really anti-tool chain. It got us here. Yeah, it got us here. But it's time to evolve to the next thing. Yeah, it is. I mean, I have a password keeper and everything, and it's secured. And, you know, I could probably add this, you know, three-factor to my USB. I think you just need to do layers and layers. That's how we do the things here. Well, some things are really important. Some things are not, right? So I think that for the stuff that you really want to have secured and have biometric security, this is like a fingerprint sensor on a USB stick. Like, the price is really good. You get all that stuff and it's secured in a USB, and it works with the standard, and it's going to be way cheaper than trying to do it yourself in a product. So, you know, there could be like, you know, we know people who've worked on kiosks for like the TSA. That's an example where you definitely want to have biometric security. You want to know who is logging in, and you shouldn't be able to use somebody else's password. You're accessing important data. So I think this is a good idea for people to add into their products. And we have a video, and then we're going to show the location of it on the digit key. And also show, I'll show it all the overhead too. Okay, let me do the video and we'll see you on the other side. It's only a minute and a half. We live in a technology-enabled world, but there are times when technology lets us down. Take passwords, for instance. For users, they're clumsy, hard to remember, and they need to be changed all the time. For businesses, passwords just don't provide the security necessary to keep important data from falling into the wrong hands. With over 80% of corporate data breaches being caused by stolen or weak user credentials, the time for improvement in user authentication is now. And that's where the FIDO Alliance comes in. FIDO, or Fast Identity Online, is a consortium of the world's leading technology companies dedicated to changing the way online authentication is done. We're establishing technical standards that provide interoperable mechanisms that are far more secure and easier to use than passwords. From biometrics such as fingerprints and facial scans to second-factor authentication devices, FIDO's standards are allowing companies and service providers to better serve their customers and employees. Core to the FIDO approach is a personal device, like a PC, smartphone, or security key that uses a set of cryptographic keys to securely access FIDO-enabled services, such as Google, Facebook, or PayPal. FIDO authentication data, such as biometrics, is never stored with the service, which protects the user's privacy and shields their login credentials from hackers. But the best part is that users no longer have to choose between better security or a better user experience. With FIDO, they get both. Over 600 interoperable products have been FIDO certified, and FIDO enabling your product or service is easier than ever. FIDO provides a set of universal specifications to build to and a rich ecosystem of products and services to enable turnkey deployment. Visit our website for more information on how to deploy FIDO authentication today. With FIDO, our technology... Okay. Okay, so this is... I have two of the devices, and you'll zoom in a little bit because these are a little small. Okay, one second. Sorry. You can do it. Okay, so this is the NFC... I think this does NFC and BLE, and USB. So it has... You can do... Yeah, you can see here the USB, BLE, and NFC. So this one's a little bit more expensive, but you can do USB connectivity. It's also got NFC, so you can touch... I guess you press your finger while you touch authenticate or BLE so it's wireless, and you can kind of see the card inside. It's a little thick, but it does fit in a wallet. It's also got a button if you need to. And then you put your finger in, and you can use that to authenticate your finger biometrics. And then this is the USB dongle. So for this, you can see there's this fingerprint, a capacitor fingerprint sensor on the back, like a little touchpad, but for fingerprints, and then a button, and then this is a USB-C, and of course I also have a USB-A type. Okay, cool. And the best part about all this is it's available on DigiKey. Yes, and it's in stock. Yeah. Here's a short URL, and there is the DigiKey. Yes, this is the A type, but of course they have the C in that card. So pick the one that makes sense for your application. But it's a standard, so it's like you can give users whatever. Some users have a MacBook, they get the C if some users have a Windows Dell or a laptop or Linux desktop computer. They can use the A, and no matter what, they can interface with the hardware. All right, that's on MPI.