OnlyKey

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article contains promotional content. Please help improve it by removing promotional language and inappropriate external links, and by adding encyclopedic text written from a neutral point of view. (April 2024) (Learn how and when to remove this message) The topic of this article may not meet Wikipedia's notability guidelines for products and services. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted. Find sources: "OnlyKey" – news · newspapers · books · scholar · JSTOR (April 2024) (Learn how and when to remove this message) (Learn how and when to remove this message)

OnlyKey

Design firm	CryptoTrust
Color	Black (changeable sleeve)

OnlyKey is a multi-function hardware security key combining features of a password manager, two-factor authentication (2FA) token, file encryption token, and secure storage device. The device incorporates hardware storage for password and username combinations, while also acting as a portable password manager.^[1]

OnlyKey is notable for its physical keypad, which allows users to enter a PIN code directly on the device.^[2] After 10 failed attempts to unlock, all data is erased.^[2] The device also features a data-destruction code that the user can key in.^[3][4] The device can store passwords, usernames, URLs, and one-time password (OTP) accounts, which can be used for online/offline access.^[2][4]

• Password management: OnlyKey can store and manage up to 24 passwords, usernames, URLs, and one-time password (OTP) accounts on the device itself.
• Two-factor authentication (2FA): OnlyKey supports various 2FA protocols including FIDO2 WebAuthn, FIDO U2F, TOTP, Yubico OTP, and Challenge-response.^[5][4] When logging in to a configured website or service, besides entering the username and password, the user also physically confirms the login attempt by pressing a button.
• Security and Durability: OnlyKey is open source^[2] and has upgradable firmware. ^[4]
• Set up Apps: The device can be used via a cross-platform desktop app, as well as other desktop apps on macOS, Windows, and Linux (.deb)^[6]

• Cost: Compared to software-based password managers, OnlyKey requires an upfront purchase for the hardware device itself.
• Learning Curve: Setting up and using OnlyKey may require familiarization with its features and functionalities compared to typical password management solutions. Complex setup process compared to security keys like YubiKey.^[3][4]
• Physical Loss: Losing the OnlyKey device can potentially lock the user out of their accounts if no backup is created. Unlike other security keys, OnlyKey has a secure backup feature to solve this issue.
• Limited OTP Functionality: The absence of both an on-board clock and non-volatile memory necessitates the OnlyKey App to be running for Time-based One-Time Password (TOTP) generation. Although there are some exceptions when the hardware key is continuously powered.^[5]