How It Works

Background

OnlyKey was created in 2016 to solve a problem that no other device solves. As a security consultant and ethical hacker I would often be asked the question "how do we securely manage passwords?" Before OnlyKey the best option was a software password manager. They are convenient, but software password managers can also be a huge security risk.

If your passwords are all stored on your internet-connected computer or in the cloud, then what happens if your computer gets malware or if the cloud is hacked? As an ethical hacker I regularly conduct tests for clients to identify security flaws, and when I hear they use a software password manager I know that all I have to do is compromise one computer and then I will be able to access every account the user has. These accounts then provide access to additional resources and many times eventually lead to compromise of the entire enterprise.

OnlyKey Founder Tim Steiner 
CISSP-ISSAP, OSCP, CEH

How is OnlyKey different

Physical User Presence

OnlyKey was developed by a team of security experts and white hat hackers to stop malicious hackers. One thing hackers and malware on a computer cannot do is physically touch something. 

  • In order to use OnlyKey to log in, physical touch is required.
  • In order to read a secure message, physical touch is required.

Open Source

When our team first started building OnlyKey, security and openness were top priorities. Our design is open source and reviewed by the community to verify that there are no backdoors. This just isn't possible with other closed source products.

PIN Protected

When you first receive your OnlyKey, the first step in setting it up is to set a PIN. The PIN is entered directly on the OnlyKey PIN pad to activate OnlyKey. This provides the following advantages:

  • Physical Security - If you lose your OnlyKey it is unusable without knowing the PIN.
  • Protected on Untrusted Computer - The PIN is entered on OnlyKey instead of on a computer. Entering a PIN on a compromised computer would result in compromise of the PIN. 
  • Only One PIN to Remember - Protect all of your accounts with only one PIN to remember.

    See it in action

    Touch to Login

    After OnlyKey is unlocked touch a button to automatically: 

    • Type and browse to the login page
    • Type username
    • Type password
    • Type two-factor OTP or authenticate as security key (FIDO U2F)

    Touch to Read a Secure Message

    OnlyKey is OpenPGP compatible and the world's first plug and play encryption device. It is universally supported and does not require special software or drivers. With OnlyKey and Keybase you can truly send and receive secure messages anywhere.

    To send an encrypted message:

    – Enter a message to encrypt with your Keybase ID and the recipient's

    – Enter the shown challenge code on the OnlyKey (e.g. 1,5,2)

    – The encrypted message will be displayed; clicking the button copies it to the clipboard

    – Paste the message into any email, chat, or app (Sending via Gmail shown)

     

    To view a decrypted message:

    – Copy and paste a message to decrypt along with your Keybase ID


    – Enter the shown challenge code on the OnlyKey (e.g. 2,2,1)

    – The decrypted message will be displayed; if the sender signed the message, you will see the sender’s name

    With OnlyKey your keys remain safe in secure hardware and Keybase makes sending secure PGP messages easier than ever.