Security News > 2020 > February > Google launches open-source security key project, OpenSK
Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week.
Google has released an open-source implementation called OpenSK. It's a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key.
As an open-source project, there are some caveats that make this more of a research project than an official alternative to manufactured security keys for board hackers.
While Google tested the firmware against CTAP 2.0, which is a protocol that's part of FIDO2 that enables digital keys to work with a browser, the FIDO Alliance hasn't certified OpenSK, which means it can't call the project FIDO Certified.
CrowdSupply successfully crowdfunded Somu, a tiny open-source security key that supported FIDO2.
News URL
https://nakedsecurity.sophos.com/2020/02/03/google-launches-open-source-security-key-project-opensk/
Related news
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Debunking myths about open-source security (source)
- AxoSyslog: Open-source scalable security data processor (source)
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)
- Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data? (source)
- Vanir: Open-source security patch validation for Android (source)
- Sara: Open-source RouterOS security inspector (source)
- What’s Next for Open Source Software Security in 2025? (source)