I wanted to ask if there is any news regarding Fido2 compatibility without Play Services. I would like to get the OnlyKey. But since I do most of my work on the phone with GOS, it would be pointless if the key doesn't work.
News about Fido2 compatibility?
I have many OnlyKeys myself and also gave many away. But I would rather use the OnlyKey Duo on a cell phone instead of OnlyKey in the OTG adapter.
I have always used OnlyKey in Firefox. No idea if it works in Vanadium.
OT: I'm excited about the OnlyKey Pro (currently in early development), which offers encrypted storage, quantum-resistant encryption, and a built-in password manager with nearly unlimited storage. :-)
boldsuck Yes, it works in Vanadium, but only with Play services enabled. OP's question was about compatibility WITHOUT Play services, which is a query I'm also invested in; WebAuthn compatibility without Play services is at the top of my GOS wishlist. But I imagine it's probably far from trivial to implement.
Your reply looks like an advertisement
dirksche Firefox uses the Google Play FIDO library, which requires sandboxed Google Play, like Vanadium.
dirksche FIDO2 works fine without sandboxed Google Play in apps using a library which doesn't depend on Google Play for it. https://github.com/cotechde/fido-browser is a WebView-based browser providing this but they stopped maintaining it.
GrapheneOS Thanks for this information. So there is no browser out there that is able to handle FIDO2/FIDO without (sandboxed) Google Services?
Are there plans to integrate FIDO2 support for Vanadium in the near future?
So what's the difference between OnlyKey and YubiKey? I was thinking of getting a YubiKey for KeePassDX.
dirksche You can't go wrong with a Yubikey. As far as I know, it has the highest compatibility with the various services.
YubiKeys don't support firmware updates, so you're stuck with whatever firmware (and bugs/exploits) the device shipped with. Next to preferring Open Source it's my main reason not to go with a YubiKey.
Regarding OP it looks like you're out of luck as currently OnlyKeys won't work for your use case. You could create a user profile with Sandboxed Play Services exclusively for the apps and websites you use with your OnlyKey, but I guess it's not a good solution for you (it wouldn't be what I want at least)...
N1b Tha
N1b YubiKeys don't support firmware updates, so you're stuck with whatever firmware (and bugs/exploits) the device shipped with.
There are a lot of reasons why I don't want to use a YubiKey. This is one more. But I did want to keep my answer short. There are a lot of pages that compare the different keys. I think we don't need one more.
N1b Regarding OP it looks like you're out of luck as currently OnlyKeys won't work for your use case
Bad luck. But is it possible to use it as simple 2FA?
N1b You could create a user profile with Sandboxed Play Services exclusively for the apps and websites you use with your OnlyKey, but I guess it's not a good solution for you
You are totally right about that. It's no option for me.
To prevent attacks on the YubiKey which might compromise its security, the YubiKey does not permit its firmware to be accessed or altered.
https://support.yubico.com/hc/en-us/articles/360013708760-YubiKey-Firmware-Is-Not-Upgradeable
mmmm https://onlykey.discourse.group/t/onlykeys-future/1221/2?u=mango_mungo
But that will take some time (possibly 1-2 years); OnlyKey is a small 3-man Kickstarter project.
dirksche I don't know if I understood the question, but you can use one key on multiple devices.
I've never used PayPal, but many sites have a similar 2FA/MFA setup:
(Important: With 2FA there is no option like password reset! That's why a backup is always necessary on 2 or more hardware keys or an OTP app.)
- Enable TOTP (often called 'Google Authenticator' in instructions).
- Generate recovery codes, which you have to save safely!
- Then you can add U2F and/or WebAuthn/FIDO2 devices.
I can only say what is most practical for me. A hardware key in every laptop and an OTP app on the phones.
andOTP is unfortunately no longer being developed further. Some users in this forum use Aegis and FreeOTP+.
We recently had a thread about hardware keys and the difficulty of using them without Play Services.
I would also love to see GOS incorporate a FIDO2 library into Vanadium for security key use. Currently, I use my YubiKey to unlock Keepass2Android and as a TOTP method, but being able to use FIDO/WebAuthn without GPS would be amazing.
boldsuck Sorry that my question was a little bit confusing.
I will try again. For example: on my laptop I secure a login with my OnlyKey. Then I have to use the same login on my smartphone with GOS, which doesn't support the OnlyKey. Can I set/add a different, alternative method like OTP so that I am able to log in on my mobile device?