Ciptor Security Insights

The new Nitrokey 3 is the best Nitrokey ever!

Protection against hackers and industrial espionage

It offers NFC, USB-C and USB-A Mini (optional) for the first time. The Nitrokey 3 combines the features of previous Nitrokey models: FIDO2, one-time passwords, OpenPGP smart card, Curve25519, password manager, Common Criteria EAL 6+ certified secure element, firmware updates. This reliably protects your accounts against phishing and password theft, and encrypts your communications and data. With strong hardware encryption, trustworthy thanks to open source, quality made in Germany.

Use Cases

Passwordless login: Forget your password to log in to Microsoft services (e.g. Office 365) and Nextcloud and use Nitrokey for passwordless login instead.

Protect online accounts using two-factor authentication (2FA): Nitrokey is your key to secure login to websites (e.g. Google, Facebook). Using FIDO2, FIDO U2F, or one-time passwords (OTP), your accounts remain secure even if your password is stolen.

Phishing protection: When using FIDO, the respective domain is automatically checked and users are effectively protected against phishing attacks.

Mobile usage with smartphones: Using FIDO and NFC, you can also securely access your accounts on Android and iPhone smartphones.

Encrypt data and emails: Encrypt your emails with GnuPG, OpenPGP, S/MIME, Thunderbird or Outlook. Encrypt entire hard drives using TrueCrypt/VeraCrypt, LUKS or individual files using GnuPG. Your private keys are securely stored in Nitrokey and cannot be exported/stolen.

Passwordless logon to Windows 10 computers: Employees will be able to log in to their Windows 10 Pro computers managed by Azure Active Directory without passwords. All that is required is a Nitrokey 3.

Passwordless login to your own enterprise systems: Replace your password policy, unauthorized password slips and costly password resets with passwordless login with the Nitrokey 3. Security and acceptance through simplicity. We are happy to advise you on integration.

Administering servers securely with SSH: Always have your SSH key securely with you in Nitrokey. Your key is PIN protected and cannot be exported/stolen from the Nitrokey. This eliminates the insecure and annoying synchronization of key files on client systems.

Protect Internet of Things (IoT) and own products: Protect your own hardware products by integrating Nitrokey. Ideal for remote maintenance and ensuring product authenticity.

Store cryptographic keys securely: Store cryptographic keys and certificates securely in Nitrokey, preventing their theft.

Protect computer BIOS integrity: Using the Nitrokey and Measured Boot, the integrity of the computer BIOS/firmware is verified. The colored LED of the Nitrokey signals whether the BIOS has integrity (green) or whether tampering has been detected (red). Compatible e.g. with NitroPads.


FIDO U2F, FIDO2 for passwordless login: FIDO sets new standards in easy usability and thus achieves high acceptance. FIDO reliably protects your accounts against password theft and phishing.

One-time passwords to protect accounts against identity theft: Protect your accounts against identity theft. One-time passwords are generated in Nitrokey and serve as a second authentication factor for logins (in addition to your normal password). Thus, your accounts remain secure even if your password is stolen.

Secure cryptographic key storage: Store your private keys for encrypting emails, hard drives or individual files securely in Nitrokey. This way they are protected against loss, theft and computer viruses and are always with you. Key backups protect against loss.

Password Manager: Store your passwords securely encrypted in the integrated password manager. This way you always have your passwords with you and they remain protected even if you lose your Nitrokey.

Integrity Check / Tamper Detection: Verify the integrity of the computer BIOS using Verified Boot. The Nitrokey's colored LED indicates whether the BIOS has integrity (green) or tampering has been detected (red). Supported computers require a BIOS based on Coreboot and Heads such as the NitroPad.

Apr 30th, 2021

Beijing, China and Santa Clara, CA — April 29, 2021 — FEITIAN has been qualified to be the first security key and smart card vendor to achieve the FIDO Biometric Component Certification.  This is mandatory to qualify for FIDO Level 3 and higher Certification.

FEITIAN continues to build a full range of strong Multi-Factor Authentication (MFA) and Identification Access Management (IAM) solutions with a variety of security keys and smart cards. The fingerprint biometric module is now certified as a component of FEITIAN’s already FIDO Certified security keys and smart cards. This represents the first and the only security key or smart card module with Fingerprint Biometrics capabilities that passed the FIDO Biometric Component Certification Program. This FIDO Biometric Component Certification has proved that FEITIAN has the ability as well as the strength to provide a best-in-class security solution in the field of multi-factor authentication.

In recent years, biometric technologies such as facial recognition, iris scanning, and fingerprint matching have become popular across commercial, personal, and public sectors. In particular, fingerprint biometrics have driven digital transformation across many industries, such as banking and transportation, and have become a popular way to replace passwords and PINs. The Biometric Component Certification Program, launched by the FIDO Alliance, is the first industry-defined program to validate biometric performance and security.

"We are pleased to announce this industry-first certification for the fingerprint biometric component which is already being used in a number of FEITIAN security key and smart card products. The certification is a testament to the security, reliability, and accuracy of our products", says Mr. Yan Yan, Vice President at FEITIAN.

In 2017, FEITIAN teamed with Microsoft to introduce the first FIDO2 biometric solution as part of the passwordless initiative to increase online security by eliminating passwords and FEITIAN continues to extend the biometric product line. FEITIAN products currently with the newly certified biometric module include: BioPass FIDO security key (USB-A/USB-C), BioPass FIDO Plus (PIV enabled), AllinPass FIDO security key (USB/NFC/BLE), and Fingerprint Biometric Smart Card.

With the right technology in place, you will be able to eliminate passwords and enhance employee productivity. Authentication is the cornerstone of secure digital transformation for platform businesses. Today AI is used both to secure and to bypass authentication systems. Trustworthy authentication is the key to becoming a future-ready company and will be one of the most important brand differentiators.

Passwords and Shared Secrets are the #1 Cause of Breaches.

Despite millions of dollars invested in authentication, users still log in with passwords each day. The reliance on and use of passwords disrupt the employee experience. CEOs should not accept passwords in a new reality where they are the highest risk to your business today.

$1.7B: Account Takeover (ATO) fraud costs have doubled since 2015. Despite millions of dollars invested in multi-factor authentication, most companies still rely on passwords – the hacker’s favorite target.

Does your organization have a plan for how to become Passwordless?

Zero Time to Lose

Companies that aren’t seeking new approaches and innovation, and that are not adept at capturing new ideas and putting them into practice, are going to get left behind, because there will be competitors and hackers waiting to take over your customers’ and employees’ workstations.

How is your CEO planning to eliminate passwords for your organization?

How You Choose to Authenticate Matters

Today, ATO attacks are so common that over 90% of all login attempts are malicious and 56% of consumer banking is malicious login attempts. Passwords are not security – they are a vulnerability. To become a leading company in the future, your business needs to move beyond password-based authentication. Passwords are not recommended by Gartner, McKinsey, Deloitte, Forrester or any other leading consultancy firm. Passwords and traditional MFA will not enhance the user experience, decrease costs associated with passwords, support digital transformation or eliminate hacking attacks.

How will your business authenticate Consumers and Employees in the future?

The Best Way to Address Your Cybersecurity Issues is with Passwordless Authentication

Make sure to invest in a platform that provides your organization with a passwordless authentication mechanism and leverages your existing infrastructure, in particular Active Directory and your Identity Provider.

Make sure your choice of Passwordless Authentication Platform is designed to eliminate passwords and shared secrets across the enterprise.

Make sure to have a holistic approach to eliminate the use of passwords and shared secrets across the entire workforce. This will stop the rising costs and help desk volume caused by the complexity around passwords.

The most important leadership factor for modern CISOs, CIOs, and Security, IAM and IT leaders is to deploy only FIDO-Certified authentication and ensure that user credentials are securely decentralized on your employees’ or customers’ mobile devices or security keys. This will result in a level of efficiency, cost savings, and ease of use that was previously unachievable.

Passwordless authentication is indeed the next step. Find out why leading enterprises deploy passwordless authentication and how we can help your business become passwordless.

How do we keep everybody working flexibly and get employees back together in a safe way?

 As we plan our longer term flexible working strategies, we expect that safe remote working will be the key to business success. As technology investments continue to drive this, we spoke with Kevin Turner, VP Sales Engineering at HYPR, and asked him how Passwordless Authentication can help.

How do we give easy and secure access to devices and services to people who are going back to work? This is something we think about all the time: how can we make it easier and at the same time more secure for both Consumers and Employees?

Passwordless Authentication with Zero Trust!

Zero Trust Authentication means by default that no user, device or application shall be trusted; instead, the trust base of access control shall be reconstructed based on adaptive authentication, authorization and encryption technology. This is a brand new security concept and at HYPR we are dedicated to making it easy for organisations to implement Passwordless Authentication with Zero Trust, and to monitor, manage, provision and deploy passwordless policies across millions of users, all from our fine-grained FIDO access control center.

Home but never alone

 What about people working from home? There will still be a large number of people working from home. How do you fill the gap between people working from home vs in the office?

It's important to ensure there is always an inclusive, "working together" mentality.
We are always thinking about ways to make it easy for remote workers to access their workspace and to feel included, with the highest level of Authentication standard on the market, FIDO2.

Tech is forcing us to Zero Trust

In general, the Zero Trust trend is here to stay and we see a rising need for physical authentication in combination with the mobile phone. We are therefore very happy to announce that we now support the SecurityKeys from Feitian. You can use different form factors from Feitian including their latest iePass FIDO2 SecurityKeys.

Kevin Turner's Top 3 Recommendations:


Expecting your Identity Provider to get you there

 Legacy Identity Platforms were built on top of passwords and password-based MFA. While the IAM giants did an incredible job and revolutionized digital security, the elimination of passwords and shared secrets is not their core competency. In fact, authentication itself has always been an add-on feature for the IdP. There has been no need to invest significant resources in improving authentication. As a result, very little innovation has happened on that front.

Letting perfect be the enemy of Great

“We need everyone to be able to use the same authentication method everywhere, under all conditions, on day 1.”

This one-size-fits-all mindset often appears in large, complex organizations who are (rightfully) trying to eliminate passwords for all users. It is commendable to see project leaders striving to satisfy all use cases & edge cases on day 1. 

IT and Security Teams Who Are Not on the Same Page

The alignment of teams is critical to the success of a transformational project. Many IT initiatives have slowed down to a halt when departments are unable to meet eye-to-eye or have conflicting agendas. Any meaningful workforce transformation depends on your IT and Help desk becoming supportive champions of the project.

Cybercriminals are currently eager to gain access to the Zhenhua files and/or ways to exploit vulnerabilities by stealing data themselves.

While we all know what can happen if this ends up in the wrong hands, we know little about the markets they get this from. Where and how often is this data shared, at what price, and what is the level of expertise of the buyers and sellers? To improve insights on this topic, our DarkCloud partner Web-IQ launches the clearnet hacking forum dataset as of November 1st. As a starting point, the dataset contains discussions and advertisements from ten of the biggest clearnet forums around.

NB: Web-IQ is not paying to acquire specific data. We primarily index generic available data and links to specific databases.

Combined with WebIQ darknet datasets, a more holistic view can be achieved in the fight against cybercrime. Today, cybercriminals are looking for the Zhenhua files and/or ransomware. Start using DarkCloud to find out what they are looking for before reading it in the news!
