blog

Introducing Token2 FIDO2 PIN+: The Security Key That Enforces Strong PIN Complexity

21-04-2023

We are excited to announce the upcoming launch of our latest product variation, the Token2 FIDO2 PIN+. The PIN+ series is a new variation of our existing security keys that deviates from the FIDO2 standards to provide stronger PIN complexity enforcement.


In today's world, where cybercrime is on the rise and data breaches are becoming increasingly common, it's more important than ever to protect sensitive data with strong authentication mechanisms. However, many security keys available on the market today only enforce PIN length, but not complexity. For example, even a FIPS-certified security key might only require a minimum PIN length of 6 digits, without any restrictions on the choice of numbers. This can lead to users choosing easily guessable PINs such as 111111 or 123456, which can compromise their security. .

That's where the Token2 FIDO2 PIN+ comes in. It is designed to enforce strong PIN complexity at the firmware level, which goes beyond the current FIDO2 standards that only define enforcing PIN length and not complexity. This ensures that users cannot choose weak, easily guessable PINs that could compromise their security.



What Makes the Token2 FIDO2 PIN+ Unique?

The Token2 FIDO2 PIN+ is not just another security key. It's a key that enforces strong PIN complexity at the firmware level, which deviates from the current FIDO2 standards that only define enforcing PIN length and not complexity. This ensures that users cannot choose weak, easily guessable PINs that could compromise their security. With the Token2 FIDO2 PIN+, administrators can rest assured that their users’ PIN is strong enough to withstand PIN guessing attempts. The key's firmware-level enforcement ensures that users cannot choose weak, easily guessable PINs that could compromise their security.

The PIN+ security key series enforces strong PIN complexity rules at the firmware level to ensure maximum security. The complexity rules include a minimum length of 6 digits, with the ability to increase the minimum length using a configuration tool. Additionally, sequential numbers in ascending or descending order, such as 123456 or 654321, are not allowed. Similarly, mirror or palindrome numbers like 321123 or 69233296 are disallowed. Finally, no more than 3 repeating digits out of 6 are allowed, such as in 111123 or 990000. These strict complexity rules ensure that users cannot choose easily guessable PINs, making it extremely difficult for hackers to compromise the security of the system. In addition to numeric PINs, the PIN+ security key series also allows users to choose alphanumeric PINs, commonly known as passwords. If users opt for passwords, the PIN complexity rules are different. The minimum length of the password is 10 characters, and it must contain characters from at least two of the following four categories: uppercase letters (A-Z), lowercase letters (a-z), digits (0-9), and special characters (such as !, $, #, %, etc.). These rules ensure that the passwords are sufficiently complex, making it difficult for attackers to guess or brute-force them.


Why Choose the Token2 FIDO2 PIN+?

If you're looking for a security key that offers the highest level of security and ease of use, the Token2 FIDO2 PIN+ is the key for you. With its advanced features and firmware-level PIN complexity enforcement, the Token2 FIDO2 PIN+ provides the most secure authentication experience possible. Whether you're a small business or a large enterprise, the Token2 FIDO2 PIN+ is the key to protecting your sensitive data and keeping your business secure, without relying on users when it comes to choosing PINs.


Availability

The Token2 FIDO2 PIN+ Series keys are already available on our web shop. buy now

product updates


Did you know?

Token2 is offering currently the most secure FIDO2 keys for enterprise customers, known as the PIN+ Series FIDO2 keys. These keys, certified by the FIDO alliance, enforce PIN complexity at the firmware level. This unique feature is not available with other keys, even those marked as FIPS-certified.