$388,879 raised out of $5,000
Overview
Platform
Indiegogo
Backers
21
Start date
Feb 25, 2021
Close date
Feb 26, 2021
Concept

Security key to protect Gmail, Twitter, GitHub. Open, improved NFC, water resistant, reversible USB.

Story

 

 

 

MENTIONED IN:

 

Meet Solo V2, from the team that brought you the first open source FIDO2 security key!

 

 

 

You may not know until it is too late, and because security solutions are often expensive, all you can do is hope. But that doesn’t need to be the case

You may be an army of one, but you can very easily protect yourself from a compromised account by employing a Solo V2 security key. 

 

Solo V2 Series USB-A & USB-C

 

 

Portable

Take Solo V2 with you. It fits on your keychain, providing you with additional security, wherever you go. 

 

 

Easy to Use

No need to install any software. You can use your V2 immediately.

 

 

Solo V2 greatly reduces the risk of security breaches, as over 80% of all breaches are caused by passwords compromised through phishing email attacks. 

Preventing breaches can save the average corporation millions of dollars. Eliminating phishing can save you from major headaches and personal security concerns.

 

 

Solo V2 is a complete redesign of our original FIDO2 security key. 

  • The hardware is more physically robust
  • NFC performance is increased and uses a brand new microcontroller by NXP with enhanced security features. 
  • The firmware has been rewritten in Rust to be more modular/reusable by the community and to reduce the attack surface. 

Our goal with Solo V2 is to harden physical security of the device itself while providing all the protections that come with 2FA or passwordless login.

 

 

 

How it works

To use Solo V2, it’s as easy as 1, 2, 3…

1) Log onto the website you desire to register your Solo V2 on and go to security settings. 

2) Typically, there is an option for enabling 2FA. In that selection, there will be an option to add a security key. Click on that, and follow the instructions to register the key. 

3) Once registered, next time you log in to your account the interface will request you to insert the security key and touch the button to authenticate.

 

FIDO2/WebAuthn are supported for two-factor authentication by all major applications including Google, Facebook, Dropbox, Okta, Duo and for passwordless login on Microsoft accounts and Windows Logon.

 

 

Solo V1 vs. V2: Why is V2 better?

 

● Reversible connector for both USB-A and USB-C. Solo V2 will be providing the first ever reversible USB-A connector. This will enable inserting the key into a USB Port and being able to decide what side you want to face up. This fixes the problem of having a key be oriented with the LED light not facing the operator.
 

● Touch Buttons. This a change from our original Solo key, which required a button to be depressed in order to activate. Depressing the button can cause physical stress and be awkward depending on where the key is inserted. The touch buttons remove the stress and allow for easier activation. 
 

● Industry leading NFC functionality. Innovative antenna design has resulted in Solo V2 crushing the original Solo key with significant performance, improving on the range and field strength. 
 

● Robust construction. Solo V2 was designed to strengthen the weak points that naturally occurs at the base of the USB connector and the PCB. Creating a hard robust exterior shell that has a cavity for the circuitry to sit in has additionally created an opportunity to seal in the circuitry with an epoxy that protects the circuitry from the environment. Result: a very strong key that is water resistant. 
 

● Solo V2 supports firmware upgrade. One of the big challenges for security keys is that most devices are not updatable, causing the user to run the risk of their gear being superseded. With Solo V2, users and enterprise customers can commit to our authenticator knowing that they will have access and benefit from the improvements we make to the firmware down the road.

 

 

 

Our Solo keys work seamlessly on many services including: Google, Facebook, Twitter, Dropbox, Github, and many more. 
 

Because Solo supports the new FIDO2 standard, you get the strongest, most secure login with protection against phishing, account takeover, and other online attacks. And it’s incredibly easy to use and consistent across all sites: when you login, after username and password, you plug Solo in your computer and just tap it to get access. Frankly, this is more convenient than typing OTP codes, besides being safer.
 

Even if you only secure your email (Gmail, Outlook, Fastmail) all other sites that have email-based password recovery, or use Google Login (or Facebook Login) become more secure.

 

 

Like it’s predecessor, Solo V2 comes with a colored, sleek (and grippy!) silicone case, that you can match with your style, and even change to fit your mood. 

 

Solo V2 boasts:

  • 3 touch buttons
  • Fully reversible connectors 
  • Multi-color LED for login indications 
  • Epoxy encapsulated electronics. 
  • Also, there’s no battery… so it’s always available and ready!

 

 

 

Always up-to-date

We believe that software must be up-to-date to be secure. Like laptops and mobile phones, security keys are adding more and more functionality, and therefore won’t be exempt from bugs and vulnerabilities. Since our very first model, all of our keys support signed firmware updates. Each device can only update to the latest firmware that has been securely signed by SoloKeys.

 

 

Strong NFC and Reversible USB

Solo was the first security key on the market with NFC + USB-C. We redesigned the v2 series from the ground up, delivering greatly improved NFC performance. Also, both the USB-A and USB-C are reversible. That’s right, the first reversible USB-A on the market.  Your Solo V2 USB-A will always be right side up!

 

Early prototype

 

Robust and Water-Resistant

One major requirement for v2 series was durability and we made one of the most robust keys on the market.

Components are assembled on a module, inserted in a cavity and sealed with a layer of epoxy. This makes the keys water proof and tamper resistant.

 

 

Trusted authentication leader

SoloKeys is the first company to implement U2F and FIDO2 in the open. Our hardware and firmware are open source, verifiable and FIDO2 certified.

 

 

Manufacturing

Made with a unique novel PCB construction that has been developed & perfected by SoloKeys.

  • Hard, robust exterior shell that collects inputs (USB, buttons, NFC).
  • An internal PCB that contains all the sensitive circuits and secure microcontroller.
  • The internal PCB is placed inside the external PCB & sealed shut using transparent epoxy.

 

 

Materials

  •  Matte Black Carbon Fiber FR4 encapsulation
  •  Transparent Epoxy encapsulation
  •  Gold Plated buttons and pads.
  •  High grade tensile Silicone cases 

 

 

Our manufacturing partners are a small family run business in the Emilia-Romagna region of North Italy.  This not only makes for great team getaways, but it also makes for a strong security story.

 

 

Our team with a couple of the factory owners.  We’re holding our very first Solo models created back in 2018.

Since then, we’ve made a number of changes to the manufacturing process to bring you Solo V2.  Now, the circuitry is placed on a tiny PCB, called the module PCB.

 

 

These module PCBs are then placed into a second PCB called a cavity PCB.  This construction provides a much higher level of durability, flush profile, side capacitive touch buttons, and a strong NFC antenna.

 

 

Custom made pogo pin jig used for pressing module PCBs into the cavity PCBs while in the oven.

 

 

After everything is tested and programmed, the electronics cavity is permanently sealed with clear epoxy.  This provides durability, waterproofing, and tamper resistance for the keys.  Here is a demo of our glue dispensing being set up.

 

 

 

Easy to deploy. Solo doesn’t require any software installation, it works out of the box on most browsers, operating systems and devices. It works great with GSuite, Okta, Duo and anything that supports WebAuthn/FIDO2.

Easy to use. It takes just one tap to authenticate. And we even made the USB-A plug reversible!

Protects against phishing and account takeover. Google reported 0 successful phishing attacks since they deployed security keys for 2FA. Security keys are particularly affordable if you have a large number of contractors that you need to authenticate.

Robust, water (and coffee) proof. We redesigned the hardware from the ground up to be incredibly robust and we sealed the components in epoxy to make it waterproof. Don’t wash it, but don’t worry about coffee spilling on it.

Secure upgrade. Unlike any other FIDO2 security key in the market, Solo supports secure firmware upgrade. Firmware upgrade is NOT automatic, it requires explicit user action, and you can only upgrade to an officially released SoloKeys signed firmware, not an arbitrary one. In case of security bugs, the upgrade process is secure and much cheaper than physically replacing all your security keys.

Open source. Your security / SRE teams and in general all the nerds in your company are going to love it! Want to make a surprise? Let us know and we can make custom cases for your team (minimum quantity: 40 devices).

PIV. For advanced authentication needs where WebAuthn does not cut it, an integral part of our strategy is the PIV (FIPS 201) companion app included with every key. Plug and play on Windows, easy OpenSC install on macOS and Linux.  Additionally, each device comes with both a P256 and Ed25519 attestation certificate, unique for the device, signed by our root CA during manufacture, and able to further attest PIV keys as generated on device.

For orders of 40 keys or more and for personalized cases please contact us at sales@solokeys.com.

 

 

We also sell a developer, non-locked version of our keys that is the same hardware, and can be updated/programmed with any firmware. We call it Solo Hacker.

You will be able to pre-order Solo Hacker from our website solokeys.com and we’ll ask if you want a reprogrammable key in a survey at the end of the campaign. 

 

Solo Hacker – developer version sold separately at solokeys.com

 

 

● Robust NFC performance (Near Field Communication). Antenna innovation leading to significantly better NFC performance than the original Solo Tap

● RUST programming language

● PIV(Personal Identification Verification) for advanced and enterprise use cases such as PKCS#11 (e.g. https://github.com/FiloSottile/yubikey-agentunl… SSH(Secure shell) key use for older versions of OpenSSH that do not support FIDO keys natively)

● PUF-based encrypted storage for all secret material – PUF(Physical Unclonable functions)

● Secure boot with signed firmware upgrades in the field 

● Trussed™ framework allowing easy extensibility with new apps (e.g., Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen is working on an app to store keys for Wireguard VPN)

● Device attestation certificates, ensuring authenticity of devices, usable as root of trust in PIV and other apps.

● OTP(One Time Password) for legacy authentication

● Robust and water resistant. Components placed in an external shell and sealed with a layer of epoxy.

 

 

 

 

The Fine Print

 

International Backers

We will ship Solo worldwide. Please note that you will be responsible for duties, fees and taxes applicable to your region.

We ship from the US and EU.

 

Estimated Delivery

We estimate shipping Solo V2 by the end of June 2021.

While we do not expect these to change, it is possible that the estimated shipment month may shift. We will provide updates when/if the estimated shipment date changes. At any time up until your Solo has shipped, you may request a full refund by emailing support@solokeys.com.

 

Need help? We’re here for you.

If you have questions at any time, during or after the campaign has closed, you can always reach us at support@solokeys.com.

 

Risks and challenges

Solo is ready to be manufactured, and we are ready to meet the estimated delivery times. We’ve done our best to predict demand and define a solid production plan. Should we miss any of our projections, we’ll let you know what’s happening, why, and correct it as quickly as possible.

 

Supply Chain Risk

We have already manufactured tens of thousands of security keys, and a few thousands Solo V2. We’re confident that our factory can easily scale to hundreds of thousand units. However, component delays and unexpected shortages can occur. If this happens, we’ll be sure to keep you informed and work to quickly resolve the issue.

 

Launch with the #1 Crowdfunding Agency today

A special thank you to our partners & sponsors

 

Hear about us on our favorite podcast at the Microsoft Cloud Show, episode 394

 

Risks and challenges

Due to the uncertainty brought about by the pandemic, the shipping dates are estimates. If manufacturing facilities are impacted by lockdown rules then Solo V2 might take ever so slightly longer to get made and shipped.

However, we have been in business for several years, and have a dedicated manufacturing partner with a track record of delivering high quality products on time. Production has already begun and is not expected to slow down any time soon.

 

Environmental Commitments

Long-lasting design

Made with a unique construction technique that has been developed and perfected by SoloKeys. Components are placed in an external shell and sealed with a layer of epoxy.

Reusability and recyclability

The packaging is 100% paper based and recyclable.

Country
Links