Compass Security Schweiz AG Completes Independent Public Security Review of Token2 PIN+ FIDO2 Security Keys

Versoix & Jona, Switzerland – September 9, 2024 – Compass Security Schweiz AG (Compass), a leading Swiss IT security firm, has conducted a comprehensive and independent public security review of the Token2 PIN+ FIDO2 Security Keys firmware. This assessment, completed in August 2024, reaffirms the robustness and transparency of Token2's open-source firmware, designed to provide advanced protection while staying open for evaluation by the security community.
This independent and public review is part of Token2's commitment to ensuring the highest standards of security for its products.


Building Trust with Open-Source Firmware

By making its firmware open-source, Token2 allows for continuous public scrutiny, which is crucial in today's evolving cybersecurity landscape. Independent evaluations like this one build confidence in the product, ensuring that users can trust the security mechanisms protecting their sensitive data.


Publicly Available and Independent Review

The Token2 PIN+ FIDO2 Security Keys firmware is open source, ensuring that its security protocols are transparent and accessible for independent evaluation. The review by Compass Security specifically examined critical aspects of the firmware, including PIN policy enforcement, interactions with the platform, and the secure generation and storage of cryptographic key material.

The review focused on several key security areas to ensure that the Token2 PIN+ FIDO2 Security Keys offer comprehensive protection across multiple use cases. Compass Security assessed how the firmware enforces PIN policy, which is crucial in mitigating unauthorized access attempts. The interactions between the security key and the platforms were scrutinized to guarantee secure communication, preventing man-in-the-middle attacks. Particular attention was also given to the generation and storage of cryptographic key material, ensuring that sensitive information remains fully encrypted and inaccessible to external threats.


Review Findings

The independent assessment found no critical vulnerabilities within the firmware. It confirmed that the Token2 PIN+ keys securely generate and store credentials, ensuring that cryptographic materials remain protected within the security key. Compass Security recommended including Unicode characters in the PIN policy to expand the key space, potentially enhancing security for users globally. For further details, please refer to the executive summary report.


About Token2 PIN+ FIDO2 Security Keys

Token2’s PIN+ FIDO2 Security Keys offer strong authentication through open-source firmware, providing both robust security and the flexibility for community-driven improvements. The decision to use open-source firmware gives users transparency as well as flexibility: the global security community can independently verify the codebase and suggest improvements. This collaborative approach significantly reduces the risk of hidden vulnerabilities, as the code is subject to constant scrutiny. Users and organizations can adapt the firmware to their specific needs, making the Token2 PIN+ FIDO2 Security Keys a versatile solution for enterprises looking to implement strong, reliable authentication mechanisms.



About Compass Security Schweiz AG

Founded in 1999, Compass Security Schweiz AG is a renowned Swiss IT security company specializing in attack simulations, security assessments, and forensic investigations. With over 25 years of experience, Compass serves a diverse clientele, from Fortune 500 companies to small and medium-sized enterprises. Their team of experts, collaborating with leading Swiss universities, ensures cutting-edge security expertise for national and international projects.