Security News > 2020 > February > Google launches open-source security key project, OpenSK
Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week.
Google has released an open-source implementation called OpenSK. It's a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key.
As an open-source project, there are some caveats that make this more of a research project than an official alternative to manufactured security keys for board hackers.
While Google tested the firmware against CTAP 2.0, which is a protocol that's part of FIDO2 that enables digital keys to work with a browser, the FIDO Alliance hasn't certified OpenSK, which means it can't call the project FIDO Certified.
CrowdSupply successfully crowdfunded Somu, a tiny open-source security key that supported FIDO2.
News URL
https://nakedsecurity.sophos.com/2020/02/03/google-launches-open-source-security-key-project-opensk/
Related news
- Open source maintainers: Key to software health and security (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed (source)
- Osmedeus: Open-source workflow engine for offensive security (source)
- Am I Isolated: Open-source container security benchmark (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Debunking myths about open-source security (source)
- AxoSyslog: Open-source scalable security data processor (source)
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)
- Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data? (source)