Feitian ePass FIDO-NFC Security Key

I've bought one and got a super fast delivery. The product is smooth, safe and fine. It's working and performing well till now. Gratitude

I've been using this hardware key for around 3 years now, and I feel like it's appropriate for me to review it at this point. I use this as a 2FA device for login into Ubuntu, and any online services that use it, both on Linux (including Android) and Windows. While it took a little bit to set up in Linux (editing udev rules, pam files, and such), there was a great guide online by Yubico that detailed the process, and it works perfectly with the Feitian key as well. I'll also add that the NFC worked perfectly out of the box for my phone, and it even worked through a thick case (an OtterBox). Just make sure you memorize where the NFC chip is in your phone to make it easier for you to use. While I was originally uncertain about the durability of this key, it's lasted me over 3 years now with HEAVY use, and I even bought a second one recently and registered it everywhere to make sure I have a backup. The contacts have corroded slightly over the years, and the plastic has been worn out, but it's somehow survived this long despite being on my keyring with all my other keys scratching it, and while working as a laborer with them always in my pocket. On a second note, I believe that this only used to work in Chrome (Chromium works as well if you still use a 32 bit install or an old OS, but I can't vouch for whether or not it would be able to recognize the device if your computer is that old), but it now also works on Firefox (and TOR by extension, since it uses Firefox). This key does NOT work with Windows Hello, but as far as I can tell, neither do Yubico products or any other hardware keys without Azure AD Premium (though I can't even attest to that working properly), so this is the fault of Microsoft, NOT Feitian. Windows Hello has "hardware key" as an authentication method, but rejects any of the keys I've used, so I don't understand what it wants you to use (I've seen reviews on every Yubico product with the same information). Yes, Yubico has software to change the login to enforce hardware key authentication (which doesn't work with Feitian), but this can easily be bypassed by booting into safe mode, so for the security conscious, I'd simply recommend ditching Windows, or just dealing with a password without 2FA. I believe that the same is true for Rohos, but Rohos works with Feitian (I've confirmed this). The only downside is that Rohos costs $32USD after the 15 day free trial, and with a security flaw that big, I don't believe it to be worth the money. I also have not been able to get it to work with my Microsoft account, but I again suspect that this would be the same for a Yubikey, as the same dialogue popped up when it denied the key. I hope that this changes in the future, but given Microsoft's turnaround time on features and the continuous lack of certain security features, I don't know when or even if that will happen. I've seen some people address security flaws, but Feitian has since fixed them, and been very responsive to feedback given by customers! The original flaw with UF2+CCID mode being exploited is gone now, and they improved their packaging to a tamper-proof plastic and cardboard package. For the price, this is absolutely the 2FA device to get, and unless you care about storing PGP keys, then there's no reason to buy a Yubikey over this device. Another side note, Feitian is the company that makes the Google TITAN series of hardware keys, and they're simple rebrands in white, so I recommend you buy them straight through Feitian instead of Google, simply because of markups and such. If you care enough about the color, then I suppose you can get the Google TITAN keys, but I honestly prefer the black one Feitian sells anyway. I'd also like to add that yes, Feitian is based in China, and these keys are manufactured in China. They still use FIDO2 and other international standards however, so this fact does not matter for security reasons. There is no way for them to see what accounts are used with this device, so even if they DID store and track these devices, they couldn't use them for anything. When you understand how these devices work, it doesn't matter from a security perspective who manufactured them, and given the responsiveness to a previous security threat with this device (which was hardly even a vulnerability), they've proven that they certainly care about security. Another one of their products that had a vulnerability in the Bluetooth pairing method (which I don't personally agree is a secure protocol to use in the first place, but that's beside the point, since I believe they were simply trying to appeal to a wider audience) was immediately addressed, and they replaced the product free of charge for every customer who owned one. Feitian actually has a significant history as a security company that I recommend you to look into if you're still questioning their credibility, but with how they've handled their products, and specifically the type of device this is, it doesn't matter that their products are manufactured in China. TL;DR: As a long time user, I highly recommend this product for it's durability, usability, and compatibility. It achieves the same thing as a Yubikey (except for storing PGP keys, but if you don't know what those are, then it won't matter to you), for half the price. My current key has lasted me over 3 years, and I suspect it will last me far longer still.

Feitan ePass NFC FIDO U2F is an excellent product. It works right out of the box. I primarily only use it on my Google and Facebook accounts, but it is pretty reliable. I tried the NFC feature with my Nexus 6 phone and it works. The only issue I have with it is that you cannot use it with Windows Hello since Feitan does not have a software that would allow for the security key to be used for logging into your Windows computers (a feature which Yubico has).

Bonjour, le rapport qualité prix est parfait rien a dire de plus fonctionne parfaitement, il suffit de la configurer a nos compte compatible en ligne depuis un pc puis depuis un téléphone compatible la reconnaissance via nfc se fait sans trop de soucis, il faut juste être patient la premiere fois pour trouver le capteur nfc du tel, sur mon One Plus 6 il se situe au niveau de l'appareil photo.

Security keys are supposed to just work out of the box but could not get this to work at all - no response from Feitian's online support either. Tried the various tools from their download page without success. Perhaps I received a faulty unit but without any feedback from their support team, I'll never know

Have been using it for a month now and no issues so far. Will provide a review later after I use it more..