Maker builds FIDO2-compliant LionKey USB dongle for passwordless security

With their fiddly and indirect nature, one-time passwords (OTPs) are a curse of modern life. They’re a security risk and outdated. Frustrated, a maker has built a physical security key that’s compliant with FIDO2.

Engineer Aleksei Karavaev has shown off a compact USB dongle designed to host the open-source LionKey firmware, transforming it into a dual-USB FIDO2 security key for both mobile and desktop environments.

The device supports universal second-factor authentication and passwordless login, offering an alternative to proprietary hardware such as YubiKey.

Karavaev said the project was motivated by frustration with CAPTCHAs and OTP codes, alongside a desire for transparency in hardware security. He commented, “I didn’t really want to use a YubiKey because it’s closed-source, and I prefer to own things I understand and can verify.”

While SoloKeys offered an open-source option, Karavaev noted the lack of dual-USB solutions and his preference for firmware written in C rather than Rust. While Karavaev may not be too fond of Yubico’s YubiKey, the Ukrainian army has found them rather useful.

The dongle builds on LionKey firmware originally developed by Martin Endler as part of his master’s thesis. Karavaev’s design integrates an STMicroelectronics STM32H533 microcontroller, chosen for its enhanced cryptographic capabilities compared to the STM32L432 used in SoloKey, the maker explained.

The PCB features a USB Type-C connector at one end and an extended edge-connector for USB Type-A at the other, ensuring compatibility across smartphones, tablets and legacy devices. A shine-through RGB LED and experimental pins add flexibility for further development.

LionKey functions as a WebAuthn roaming authenticator, supporting CTAP 2.1 over USB 2.0 (CTAPHID). It enables PIN-based user verification and can store passkeys (client-side discoverable credentials).

Written in C without dynamic memory allocation, the firmware is optimized for resource-constrained environments and can be ported across different MCUs. The reference implementation runs on the NUCLEO-H533RE board with hardware-accelerated cryptography.

The project is documented on Hackaday.io, while the LionKey firmware is available on GitHub under the MIT license.

Article Topics

biometric authentication  |  biometric security key  |  biometrics  |  FIDO Alliance  |  FIDO2  |  LionKey  |  open source  |  passwordless authentication  |  USB