This Open-Source Security Key Helps You Ditch Software Authenticators

This Open-Source Security Key Helps You Ditch Software Authenticators
Photo: John Biggs/Gizmodo

Accidentally deleting your Google Authenticator app is a nightmare. The app, which generates one-time codes for many websites, is usually your key to many major email services, including Gmail, domain name services like Namecheap, and even banking services. If you forget to move these codes over to a new phone when you upgrade, for example, you’re sunk.

That’s why open-source USB-A and USB-C keys, like the popular YubiKeys, are so important. To use them, you plug them in and connect them to applicable services by pressing an on-board button.

The SoloKey 2 is one such device, created by Conor Patrick, a college student-turned-hardware builder. Patrick has posted the source code for all to see and he’s crowdfunding the SoloKey 2 for $US34 ($44) — that’s about $25 less than a YubiKey. He’s raised $US400,000 ($516,360) and the product is set to ship this September.

“I started working on this in college and never stopped,” Patrick told Gizmodo. “I assembled a team for the second generation to make the first Solo, and we funded ourselves off of Kickstarter. But Solo was missing a lot of improvements needed to allow us to make enterprise sales. We’ve worked hard to make Solo 2 and believe this product can be a strong authenticator for everyone. We’ve been bootstrapping this from the beginning.”

Photo: John Biggs/Gizmodo Photo: John Biggs/Gizmodo

The SoloKeys work with most major two-factor authentication setups, including FIDO2/WebAuthn, and you can use it with Google products, Facebook, Dropbox, Okta, and Microsoft accounts.

Patrick sent us two early versions of the hardware to test out, and they worked. The SoloKey 2 only works with Chrome currently, so you’ll probably still have to create a one-time code if you’re mainly using Safari, but for everyone else, it’s a lower-cost alternative to pricey security keys. I was able to connect it to my Github account instantly by simply inserting the key and touching the sides to activate it.

Devices like the SoloKey are invisible until you absolutely need them. As someone who has often forgotten to move over 2FA authentication keys during an upgrade, having a backup like this is a real godsend. It may look boring, but this little key could be a lifesaver.