FIDO2 Level2 or Level3 support


My local citizen card / egovernment system allows me to use FIDO2 tokens as a second factor.
But it is required that the FIDO2 token is at least Level2 certified. As far as I know the current Onlykey does not have Level2 certification so it won’t let me add it.

According to this overview Level2 certification seems possible:

Mainly Level2 implementations can’t be software only and have to support attestation.

Could you add this feature? Is this “just” a matter of preparing and applying including paying the 7500 USD certification fee? Or are there technical roadblocks why Onlykey couldn’t get this certification?

Appreciate it!

For reference: Idem Key – USB/NFC Security Key is given by the government as an example of a FIDO2 Level2 certified token that will work with egovernment apps. It carrys the L2 logo.

No OnlyKey is FIDO2 L1 certified so it would not meet the L2 requirement.

1 Like

I was assuming th the L2 certification has not been done because it is relatively new, not because some requirements are not met.

Can you elaborate? Why did you get L1 and not L2 certification?
Which L2 requirement does the OnlyKey not meet?

There are several factors, its not really that the OnlyKey does not meet L2 requirements the certification costs and effort increase with each level. Currently I am not aware of many applications that require L2 certification, there would need to be a cost/benefit to pursuing L2 certification.

Why FIDO Level 2 Certification Matters

Example of an application:

Examples for Applications:

1 Like

A certain company that starts with Y has recently certified their whole lineup to Level 2 standard. Any news on getting OnlyKey Level 2 certified?