source/components/nitrokeys/fido2/faq.rst
15 additions & 19 deletions
@@ -3,46 +3,42 @@ Nitrokey FIDO2 FAQ
3
3
4
4
.. faq:: Which Operating Systems are supported?
5
5
6
-
Windows, Linux, and Mac OS X. Also some support (FIDO2) for Android.
6
+
Windows, Linux, macOS, and Android
7
7
8
8
.. faq:: What can I use the Nitrokey for?
9
9
10
10
See the `overview <https://www.nitrokey.com/products/nitrokeys>`_ of supported use cases.
11
11
12
-
.. faq:: What happens if I lose my FIDO device?
12
+
.. faq:: What happens if I lose my Nitrokey?
13
13
14
14
When securing accounts using FIDO (two-factor authentication and
15
15
passwordless login), you should configure another factor in your account as
16
-
a backup. Depending on the service this backup factor can be a phone number,
17
-
an app or even a second Nitrokey FIDO2. If you lose a Nitrokey FIDO2, you
18
-
can still log in with the second Nitrokey FIDO2 (or with another second
16
+
a backup. Depending on the service/website this backup factor can be a phone number,
17
+
an app or another Nitrokey. In the last case, if you lose one Nitrokey you
18
+
can still log in with the second Nitrokey (or with another second
19
19
factor).
20
20
21
21
.. faq:: How large is the storage capacity?
22
22
23
-
The Nitrokey FIDO2 doesn't contain storage capability for ordinary data (it can only store cryptographic keys).
23
+
The Nitrokey 3 and Nitrokey Passkey don't contain storage capability for ordinary file (it can only store cryptographic keys).
24
24
25
-
.. faq:: How many keys can my Nitrokey FIDO2 store?
25
+
.. faq:: How many FIDO credentials can my Nitrokey store?
26
26
27
-
It can store up to 50 passkeys also known as discoverable credentials and an unlimited number of non-discoverable credentials.
27
+
It can store an unlimited number of non-discoverable credentials. The `factsheet <https://www.nitrokey.com/files/doc/Nitrokey_3_factsheet.pdf>`_ states the amount of discoverable credentials resp. resident keys.
28
28
29
-
.. faq:: How to use Nitrokey FIDO2 with Azure Entra ID (Active Directory)?
29
+
.. faq:: How to use Nitrokey with Azure Entra ID (Active Directory)?
30
30
31
-
After `disabling Enforce Attestation <https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#fido-security-key-optional-settings>`_ Nitrokey FIDO2 is supported by Azure Entra ID out of the box.
31
+
Some Nitrokey models are supported by Azure Entra ID out of the box. For some Nitrokey models you need to `disable Enforce Attestation <https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#fido-security-key-optional-settings>`_.
32
32
33
33
.. _fido2-resident-difference-nonresident:
34
34
35
35
.. faq:: What is the difference between Non-Resident Keys and Resident?
36
36
37
-
A non-resident key (non-discoverable credential) is the default credential type created when the user registers their Nitrokey FIDO2 with an authentication system that supports FIDO2/WebAuthn.
38
-
The authentication system stores the key handle, while the private key remains securely inside the Nitrokey.
37
+
A non-discoverable credential (also: non-resident key) is the default credential type created when the user registers their Nitrokey with an authentication system that supports FIDO2/WebAuthn.
39
38
This configuration uses no storage space on the Nitrokey and depends on the authentication system to supply the key handle during login.
40
-
The FIDO2 PIN controls access to the Nitrokey and authorizes all operations involving private keys.
39
+
Therefore an unlimited amount of credentials can be used with a Nitrokey. During login users have to enter their user name.
41
40
42
-
A resident key (discoverable credential) is stored directly on the Nitrokey, including all credential information and metadata required for authentication.
41
+
A discoverable credential (also: resident key) is stored directly on the Nitrokey, including all required credential information and metadata.
43
42
This allows the credential to be found automatically by the authentication system without providing an external key handle and enables username-less authentication.
44
-
Resident credentials are protected by the FIDO2 PIN, which authorizes their use and ensures that only the authorized user can access them.
45
-
Each credential typically occupies a few hundred bytes of secure storage.
46
-
47
-
48
-
43
+
Each credential typically occupies a few hundred bytes of secure storage, thus limiting the amount of credentials used with a Nitrokey (see
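Review bot: In the resident/non-resident answer, both removed PIN sentences ("The FIDO2 PIN controls access to the Nitrokey and authorizes all operations involving private keys." and "Resident credentials are protected by the FIDO2 PIN, ...") have no replacement among the added lines, so the FAQ no longer tells readers how credentials stored on the device are protected. If the statement still holds for the current models, keep one sentence on PIN protection in the discoverable-credential paragraph; if it does not, say in the commit message why it was dropped. In the Entra ID answer, "Some Nitrokey models" appears twice without naming any model; since disabling Enforce Attestation is a tenant-wide security setting, name the models that need it and the ones that work with attestation enforced. In the storage answer, "for ordinary file (it can only store cryptographic keys)" should read "for ordinary files (they can only store cryptographic keys)" now that the subject is plural. The credential-count answer replaces the concrete figure with a link to the Nitrokey 3 factsheet only, while the storage answer also covers the Nitrokey Passkey; either link a source for that model too or state the limits inline.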