SoloKey (Hardware Security Key)

I’d like to bring up the suggestion of SoloKeys again for Hardware Security Keys, which was on the GH Discuss forum before the move here to Discourse:

I’d like to suggest SoloKeys for the MFA page as another option under the “Hardware Security Keys” section.

SoloKey devices use open source software (on GitHub) and hardware, though I don’t know too much about the hardware part or how it compares to Nitrokey.

I haven’t seen any mention of it on Pull Request 862 yet. Also, SoloKeys was mentioned in the discussions a while back, but this seems to have fallen to the wayside.

Some background (so others don’t have to start research from scratch)

SoloKeys devices from the older but currently available Solo 1 line seem to be most similar to the older but currently available Nitrokey FIDO2 hardware security devices.

Upcoming SoloKeys devices in the Solo V2/Solo 2 line (unless you already knew about SoloKeys) seem to be most similar to the Nitrokey 3 line. Currently, the Nitrokey 3 products are in pre-order status (for the USB-A and USB-C variants).

As stated in a SoloKeys announcement from February 2021, SoloKeys and Nitrokey are competitor-collaborators because both companies use Trussed, the same open source cryptography framework.

SoloKeys doesn’t seem to get a lot of attention, because SoloKeys only makes hardware security keys (so far). On the other hand, Nitrokey is more well known because it sells other products, such as the Qubes Certified NitroPad X230 and T430 and the NitroPhone 1 and 2/2 Pro (which are preinstalled GrapheneOS devices on the Pixel 4a and Pixel 6/6 Pro, respectively, with various options for removing the microphones, sensors, and cameras).

Other consideration: shipping availability

I originally wanted the Nitrokey FIDO2 but accidentally bought the Nitrokey Pro 2 (which can be used for unlocking the computer upon boot, like in the Insurgo PrivacyBeast X230) in late summer 2021. However, long story short I remembered in a video about passwordless account logins (it’s a bit idealistic) that SoloKeys is a good alternative to Nitrokey devices (since shipping was €50 or more via only UPS due to German COVID mail restrictions in early fall 2021).

Basically, if you’re in the U.S. or close to North America, then SoloKeys is more sensible regarding shipping - while those in the EU should consider Nitrokey for similar reasoning. However, both SoloKeys and Nitrokey will ultimately ship internationally. Having 1 more recommendation for hardware-based MFA alongside YubiKey and Nitrokey could help readers regarding availability.

I’m wondering if there’s any progress on suggesting SoloKeys since then.

SoloKey 2 isn’t generally available yet, and SoloKey 1 is USB-A only, and doesn’t have the best build quality IMHO. I don’t think we should be recommending products that are pre-order only, so I’m going to mark this as waiting and we can revisit it when SK2 is available in stores.

1 Like

A note relating to build quality and availability , i had been looking into buying a Nitrokey as recommended on privacyguides website. But after some research into their support and forums i found that a lot of users are complaining about nfc not working on their 3A models with pixel and samsung phones (refer their forum thread issues 1 , 2 (infact their support themselves say it won’t work with samsung SE models).
Some even complained of their keys being bricked and had to replace them.
Even a gui application for updating firmware and otp handling is not ready (only wip till now).
nitrokey 3c is on pre-order ( since nfc working with the 3A is not a guarantee , then buying 3c would be the only practical thing.)
My request is to atleast consider adding these drawbacks to the recommendation on website to the current list of drawbacks as it may affect buying decision.

Based on the responses to the first forum thread linked, it sounds like their support is replacing models with defective NFC.