We are pleased to announce that new OnlyKey software is now available which includes new features and improvements to existing features.
Windows Active Directory 2FA with Authlite
Windows Local Active Directory (AD) does not support FIDO security keys and typically users log in via password authentication. 3rd party solutions such as Authlite may be used to implement 2-factor authentication for Windows AD.
With OnlyKey and Authlite one-time passwords are used for Windows AD authentication, more information available at authlite.com.
Why Authlite and OnlyKey?
- Authlite supports physical security keys
- Authlite fails closed, unlike DUO which may in many cases be bypassed (e.g., boot into safe mode)
- Authlite does not require contact with external service, works offline, and only requires install of software on local domain controller
- Like OnlyKey, Authlite is a one-time cost per user
OpenSSH 2FA Support
OnlyKey now supports the new ed25519-sk key type and FIDO2 resident keys with OpenSSH. This feature is supported in OpenSSH 8.2 and later. Use OnlyKey to store SSH keys that can be used directly in in OpenSSH by following our guide here.