dirksche Firefox uses the Google Play FIDO library, which requires sandboxed Google Play, like Vanadium.

GrapheneOS Thanks for this information. So there is no browser out there that is able to handle FIDO2/FIDO without (sandboxed) Google Services?
Are there plans to integrate FIDO2 support for Vanadium in the near future?

So what's the difference between OnlyKey and YubiKey? I was thinking of getting a YubiKey for KeePassDX.

    MarsTrue You can't go wrong with a Yubikey. As far as I know, it has the highest compatibility with the various services.
    However, open source software is important to me, which is why I opted for the OnlyKey.

      dirksche You can't go wrong with a Yubikey. As far as I know, it has the highest compatibility with the various services.

      YubiKeys don't support firmware updates, so you're stuck with whatever firmware (and bugs/exploits) the device shipped with. Next to preferring Open Source it's my main reason not to go with a YubiKey.

      Regarding OP it looks like you're out of luck as currently OnlyKeys won't work for your use case. You could create a user profile with Sandboxed Play Services exclusively for the apps and websites you use with your OnlyKey, but I guess it's not a good solution for you (it wouldn't be what I want at least)...

        N1b Tha

        N1b YubiKeys don't support firmware updates, so you're stuck with whatever firmware (and bugs/exploits) the device shipped with.

        There are a lot of reasons why I don't want to use a Yubikey. This is one more. But I did want to keep my answer short. There are a lot of pages that compare the different keys. I think we don't need one more.

        N1b Regarding OP it looks like you're out of luck as currently OnlyKeys won't work for your use case

        Bad luck. But is it possible to use it as simple 2FA?

        N1b You could create a user profile with Sandboxed Play Services exclusively for the apps and websites you use with your OnlyKey, but I guess it's not a good solution for you

        You are totally right about that. It's no option for me.

        boldsuck can’t seem to find any info about this so called OnlyKey Pro that isn’t just wish lists on forums. Do you have an official link, or failing that a semi credible rumour of its existence?

          Roger Your reply looks like an advertisement

          OnlyKey was explicitly asked for. I have written a lot about all other open source keys in this forum.
          I missed that without Playservices. I generally use the keys on the laptop.

            boldsuck And what happens if, for example, I use the OnlyKey to log in to PayPal on my laptop and then want to use PayPal on my cell phone? How can I then log in?

              dirksche I don't know if I understood the question, but you can use one key on multiple devices.

              I've never used Paypal, but many sites have a similar 2FA/MFA setup:
              (Important: With 2FA there is no option like password reset! That's why a backup is always necessary on 2 or more hardware keys or an OTP APP).

              1. Enable TOTP (often called 'Google Authenticator' in instructions)
              2. Generate recovery-codes. Which you have to save safely!
              3. Then you can add U2F and/or WebAuthn/FIDO2 devices.

              I can only say what is most practical for me. A hardware key in every laptop and an OTP app on the phones.
              andOTP is unfortunately no longer being developed further. Some users in this forum use Aegis and FreeOTP+.
              We recently had a thread about hardware keys and the difficulty of using them without Play Services.

                I would also love to see GOS incorporate a FIDO2 library into Vanadium for security key use. Currently, I use my yubikey to unlock keepass2android and as a TOTP method, but being able to use FIDO/WebAuthn without GPS would be amazing.

                  boldsuck Sorry that my question was a little bit confusing.
                  I will try again. For example: on my laptop I secure a login with my OnlyKey. Then I have to use the same login on my smartphone with GOS, which doesn't support the OnlyKey. Can I set/add a different and alternative method like OTP so that I am able to log in on my mobile device?

                    chock-a-block In the past, they said a FIDO2 implementation developed by GrapheneOS would only use the Titan M chip, not USB/NFC/BT

                    dirksche

                    Yes, you can. With PayPal - if you activate two-step verification - it's even necessary to set up OTP as an alternative to security keys because unfortunately at the moment you can only store one security key with PayPal - for this alone it is necessary to have an alternative access option if you lose the security key.

                    You can set up the second factor in your PayPal account under settings>security>two-step verification.