FAQ
Frequently Asked Questions
What are the differences between FIDO2 and FIDO U2F?
FIDO U2F is the oldest of the two FIDO standards (2014) developed by the FIDO Alliance. FIDO U2F is a second factor of authentication : U2F stands for Universal 2nd Factor. This method enables the user to access an IT resource (a computer, smartphone, website, application, etc.) after presenting two separate proofs of identity to an authentication mechanism. This is a two-factor identification (2FA) method, also called double authentication.
This second authentication factor complements your login/password. It can be a code sent by SMS or email, an authentication application (e.g. Google Authenticator), or for maximum security a physical security USB key such as Winkeo FIDO2 (+U2F). NEOWAVE also offers physical security device alternatives, such as BADGEO FIDO2 smart cards, compatible with FIDO U2F and FIDO2 standards.
FIDO2 is a more recent authentication method (end 2019). This method enables passwordless authentication to online services such as Windows 10/11 associated with Active Azure Directory. It replaces the login/password pair + second authentication factor with a PIN code, more secure than a password. The PIN code is not transmitted to online services. It is stored locally on the security key. In the case of the security key, you will need to insert it into your device's USB port, enter your PIN code and press the key's button to authenticate yourself.
FIDO2 is natively integrated into Windows 10/11 and Azure Active Directory (Microsoft web server). Our 2 FIDO2 products (Winkeo FIDO2 and Badgeo FIDO2) also support the U2F protocol.
What do FIDO2 devices look like?
FIDO2 devices are generally security keys with USB peripherals like Winkeo-A FIDO2 (+U2F) and Winkeo-C FIDO2 (+U2F). They can also take the form of smart cards like Badgeo Dual FIDO2 or Badgeo NFC FIDO2, which also use NFC technology.
Do I have to install drivers?
No, you do not have to do any installation, neither on computer, nor on tablet, nor on a smartphone.
What operating systems are supported?
The supported operating systems are: Windows 8, Windows 10 for FIDO U2F and FIDO2 keys and Windows 11 for FIDO2 (+U2F) keys and smart cards, (Mac) OS X 13.51+, Linux.
For Linux, see in the “FAQ” section, “How to use FIDO on Linux? "
Logging into Windows with Winkeo FIDO2 or Badgeo FIDO2requires configuring an Azure Active Directory. See our FIDO2 Microsoft Tutorial.
How to use FIDO on Linux?
For Linux, you will need to add a rule for udev. Create the following file with your favorite editor:
/etc/udev/rules.d/70-neowave.rules
With the following content:
ACTION!= »add|change », GOTO= »neowave_end »
# Neowave rule
KERNEL== »hidraw* », SUBSYSTEM== »hidraw », ATTRS{idVendor}== »1E0D », ATTRS{idProduct}== »F1D0″, TAG+= »uaccess »
LABEL= »neowave_end »
Then reload these rules with the following command:
sudo udevadm control –reload-rules
Winkeo or Badgeo should now be usable by the web browsers of your Linux distribution.
What browsers are supported?
Supported browsers are: Chrome, Chromium, Vivaldi, Opera, Mozilla Firefox, Microsoft, Safari.
For Safari on OSX, if a PIN code is requested/used you need Safari 14 Beta, otherwise Safari 13 is sufficient.
How do you register your IDs on a Winkeo or Badgeo for the very first time?
There is an enrolment procedure to follow which is specific to each service provider.
It is the service provider (Apple, Microsoft, Facebook, PayPal etc) who decides the enrolment procedure and the user journey.
Install and use my Winkeo key or my Badgeo card
Procedure for enrolling the Winkeo FIDO U2F key with Google
Procedure for enrolling the Winkeo FIDO2 key with Microsoft
At the bottom of the page you will find tutorials for registering your security key on various web services.
How do I register and use my Winkeo FIDO key with Bank of America?
Bank of America (BOA) supports the use of U2F security keys as a strong multi-factor authentication solution for high-value transactions. BOA also easily supports FIDO2-certified tokens.
The user can register/enroll U2F devices from online banking under the option Security Center -> Additional Security Features -> USB Security Key option as shown in the tutorial screenshots FIDO U2F Bank of America.
How to empty the Winkeo or Badgeo of the credentials it contains?
In FIDO2, there is a Reset command that can erase all FIDO2 credentials. Any FIDO U2F credentials stored are not impacted.
The procedure is as follows: go to the Windows settings (cogged wheel) => click on “Accounts” => then on “Connection options” => select “Security key” => click on “Manage” = > insert your security key into the USB port => touch the button on your security key => click “Reset” then follow the instructions. Your key or card has been reset.
If you want to initialize, reset or modify a PIN code, see the procedure in this same FAQ section.
How to initialize, reset or change a PIN code?
You want to initialize, reset or modify a PIN code, the procedure is as follows:
Go to Windows settings => click on “Accounts” => then on “Connection options” => select “Security key” => click on “Manage” => insert your security key into the USB port => touch the button of your security key => at the top of the window that appears, in the box dedicated to “Security key PIN”, click on “Add”, then follow the instructions.
If you wish to delete all the credentials from your Winkeo FIDO2 key or your Badgeo FIDO2 card, see the procedure to follow in this same FAQ section.
Do I need to associate the Winkeo FIDO2 USB security key with Azure Active Directory for it to work?
In general, FIDO products (FIDO2 or FIDO U2F) are used for web authentication. Azure Active Directory (AD) is the cloud version of Active Directory.
The use of a FIDO2 key with Windows 10/11 is relevant when the PC is used with Azure Active Directory. Windows logon cannot be done without Azure Active Directory.
You must first associate the Winkeo FIDO2 security key with your Azure AD account (see the set-up page of our website). Azure Active Directory comes in four editions—Free, Office 365 apps, Premium P1, and Premium P2. The free edition of Azure AD is enough to register a FIDO2 security key.
The Winkeo FIDO2 key works with Web browsers and OS on the market forFIDO2 (Microsoft Azure AD, AWS, LastPass, Ping Identity…) or FIDO U2F (Gmail, Google Apps for Work, Facebook, Dropbox, GitHub, WordPress…).
I want to customise my Badgeo or Winkeo with my logo, how do I do it?
Why is a PIN preferable to a password?
Some services may require you to increase coverage by associating a PIN with your key. This PIN will then be requested for any use of your key. This code is not sent to online services, it is only used locally to unlock the use of your key. It is not transmitted anywhere and is not stored on the server. A password is sent to the server: it can be intercepted during transmission or stolen from the server. Users may inadvertently expose their passwords due to phishing attacks.
How do I use the PIN?
It is possible to associate a PIN with FIDO2 (Badgeo or Winkeo) products only, but not FIDO U2F.
The PIN code can contain 4 to 63 characters (numbers, letters, symbols).
The PIN presentation is managed by the service provider.
There is a subtle mechanism within the product... If 3 bad PIN attempts are made then the product is temporarily blocked. You need to disconnect it and reconnect it before trying again. If there are another 3 bad PIN attempts, you can start over again, but then if there are 2 further bad PIN attempts the device is blocked.... After this you have to reset the product and start all the authentication enlistment procedures again.
PINs can be used regardless of the terminal.
Which badge reader to use for Badgeo?
To use the Badgeo on a computer, you need a contact or contactless smart card reader. It's ideally a NEOWAVE badge readerbut other badge readers on the market are compatible.
You can use Badgeo FIDO2 via the NFC with a tablet or smartphone with an NFC interface.
How does the Winkeo button work?
It's a normal physical presence button. Just press it. Winkeo doesn't read fingerprints, it's a capacitive button.
What to do if I lose the key or it no longer works or I reset it by mistake?
In almost all cases, a support service will allow you to recover access to your account through an identity verification procedure. Often another second authentication factor is also provided for this purpose. Since you can usually associate multiple Winkeo keys with the same account, you can also purchase a second one as a backup as a precaution or to keep one at work and another at home.
If you lost the key and ended up regaining access to your account, you should be able to disable the association of the lost key with your account on the administration interface of that service.
Pour toute autre question, n’hésitez pas à nous contacter au +33 (0)4 42 50 70 05 ou en envoyant votre message via notre formulaire de contact.