I’m a huge supporter of OnlyKey, which is why I have the Duo and the original onlykey. I use them on a daily basis, and they are the main door for my infrastructure.
Unlike other security keys, this one is actually upgradable, has a proper pin system, and so many emergency and admin features that I just can’t live without it nowadays.
I notice that it’s been a very long time since the last firmware upgrade (Dec 14, 2022) and perhaps there is no reason for an upgrade to begin with, and it is complete.
I just wanted to know if there will be an update to the firmware or new hardware that is planning on being implemented in the future, since many key companies are now upgrading their hardware to implement more storage for passkeys and other new standards (like yubikey 5.7 firmware).
This is a great product, the project support has been incredible, and I would hate to see it stop or disappear all together.
Are there features you would like to see in new firmware? Expanded passkey support may be an option but we have not heard this being a feature that is widely needed yet.
Honestly, I was just curious if the development has stopped or was it still on going when it came to hardware or software of ONLYKEY. Based on your words, it seems everything is alright, but people just didn’t ask for features I’m assuming, and thus no update needed.
As for new features suggestions, I have a few, but I’m not sure which can be implemented on current hardware.
Expand the username & password limit to 64 characters
Allow extended ASCII support (and emojis)
Expand passkeys limit
I’m not an expert in any way when it comes to security keys development, that’s why I apologize if any of these are impossible at the moment.
I think the question here needs to be…Is onlykey a deadend product? Can I get used to using my onlykey (which I absolutely love!) or should I/we look for something else?
This thing does EVERYTHING I want/need it to do, which no other device does, but I don’t want to get all used to using it and then…bam…no more onlykey. I hate to be a pessimistic person, but I’m just being real here. I RELY on this thing!
@Impenetrable I am the same way, which is why I made this post to begin with.
This device is the centre of my threat model, I use a password manager and the key is stored on the OnlyKey, I have no idea what it is by memory (I have backups and a way to recreate it, but conveniently it’s only through onlykey)
I want this product to succeed and continue to prosper, but it’s not getting much advertisement like YubiKey does, a lot of people don’t trust the open source aspect which is absurd, but if this is the end of it I need to know so that I could set up a contingency plan on what to do if it fails or set up a different backup method or search for an alternative product.
OnlyKey will continue to be sold for many years to come. We are also still working on an OnlyKey Pro product with encrypted storage but no ETA of when that will be available yet.
Sounds like we have the same setup. This is the key (password) to my password manager, along with a few other crucial logins…I have zero clue what the password is LOL due to it being so complex!
The ability to have this type passwords is the gold function to me. This and it being able to store passkeys offline and off-device (ie, not on my phone or pc hardware). The peace of mind is awesome!
I don’t think anyone should worry too much about OnlyKey not existing. It would be possible to migrate to another product. The device isn’t going to immediately break if the company ceased to exist. It would be more of a PITA. AFAICT there is no way to export your GPG master priv key from the device. That would be an issue (in fact, a good feature request). Anything encrypted would need to be decrypted/re-encrypted with a new key.
@t11 OnlyKey Pro seems interesting, and I’m sure resources/time are fully consumed/focused on that but user concerns seem reasonable. There are a few on the Git repo asking if the project is abandoned due to lack of activity. I take the point regarding new features but would there not be any CVEs or security updates need publishing? A maintenance update possibly?
Maybe this is off base but something to reassure users is likely to be appreciated.