Hey, I came across token2.com (.eu; .swiss etc.) as a more budget-friendly 2FA hardware maker HQd in Switzerland. They make FIDO certified keys, some with added functionality, and they have some additional certifications as well. Industry customers use them too.
I would like to know if anyone knows anything about their products; I would be curious about their experience and opinion about ease of use, security, customer service etc.
They don’t seem to have the hardware code open like SoloKeys does, but they seem to have opened some of their companion tools there. Would indeed like to have more insight from someone who knows more about that domain. Looks really interesting.
Q: Is the firmware on your keys open source, did it ever receive a security audit, what was the name of the original firmware you used (I read somewhere that you used a 3rd party firmware)?
A: No, the firmware of our products is not open-source.
You will find Python scripts for compatible products after purchasing them in the customer account interface. You can change it and use it for internal use if needed.
I asked them again about the audits:
Q: Whether the firmwares had any security audits (despite not being open source), is that information available?
A: Our security keys are FIDO-certificated and meet the standards provided by FIDO Alliance.
Hello, I am associated with Token2. Let me provide clarification on the response from the helpdesk, which might not have been described very well.
FIDO2 keys undergo thorough audits by certification engineers from the FIDO Alliance. Generally, there is no requirement for additional security audits, especially for L1-certified keys.
On a separate note, the link to Token2’s GitHub you posted previously is not the scripts the helpdesk mentions in the first response; there are some other Python source codes that are made available for customers to examine (and use).