Security Token Research- the Good, the Bad, and the Ugly

The Beginning

In May, we decided to figure out the world of online security and try to build our own second-factor authentication token. I started learning anything and everything I thought could help me in this quest, and thus, decided to look into what’s already on the market.

I decided to look on Amazon, and document the pros and cons of Amazon’s options. My main concerns where: what’s good? what’s missing? what can be improved? and how it can be improved?


Digipass Secureclick FIDO U2F Security Key -USB token with bluetooth bridge

-2 year lifespan

-works on Windows, Mac OS X, Linux

-has different coloured status indicator lights -tamper sticker ripped off when arrived

-bluetooth has short range

-battery comes almost completely drained

-unreliable, complicated set up

Aluminum Folding U2F USB by Thetis -USB token

-doesn’t support one-time passwords

-works on Windows, Mac OS X, Linux

-easy set up



-can’t use multiple keys (of this model) for the same account


Yubikey 4 Nano -waterproof

-crush resistant

-works on Windows, Mac OS X, Linux

-easy to configure

-“does the job”

-must download instructions

-hard to pull out of slot without a lanyard

-if you bump it, it types on the screen

-“so small your 2 year old may accidentally swallow”

Feitian ePass NFC Security Key -near field communication

-can store multiple key pairs

-has one-time password support

-durable -doesn’t work on apple products?

-the near field communication is iffy

U2F Zero

(This is the model we are building! The creator graciously put all instructions online)


-no drivers

-works great

-easy set up


-durability? (exposed components on PCB)

-doesn’t come with instructions

HyperFido Mini -FIDO U2F certified

-works on Windows, Mac OS X, Linux

-works fine -LED light too bright

-casing isn’t durable


From these review, we can see that the main problem across the board was ease of use. Many keys didn’t even come with a set of instructions! Also, the size and shape of the token was an issue.


The main problem with security tokens at this point in time is that there isn’t much support yet. Not many sites allow a physical second factor device (or even any type of second factor). This means that people don’t feel the need to learn about or invest in a token. However, in the near future, this will be over a TRILLION dollar market space. The race is on to make better two-factor tokens.