ePass FIDO-NFC MultiPass Security Key Manual

Table of Contents

User Manual

ePass FIDO-NFC MultiPass Security Key

For google 2-Step Verification & Advanced Protection Program

Overview

FEITIAN ePass FIDO® Series Security Key is a FIDO® U2F certified authenticator. Unlike traditional second-factor authentication devices, FIDO® U2F provides a much more convenient solution to replace or be a plus of traditional password. A single FEITIAN ePass FIDO® Security Key can protect an unlimited number of applications. Each application will be assigned an independent key pair.

FEITIAN ePass FIDO® Series Security Key employs high-performance secure element. All credentials are physically protected by the hardware security chip. The confidential information and credentials will never be revealed under any type of attacks such as phishing and man-in-the-middle.

Users’ accounts will always be secure even though the whole server of the application you are using is hacked. The public keys stored in the application server might be revealed under attacks while however, your private key is always under protection.

FEITIAN ePass FIDO® -NFC and MultiPass FIDO® Security Key are devices to go beyond the traditional two-factor authentication systems, the built-in BLE (MultiPass FIDO® only), NFC, and USB communication interfaces empower users to select the desired channel and complete a secure FIDO® U2F authentication across any of your client devices in contact or wirelessly, including desktop, notebook, tablet, and smartphone.

Diagram

Compatibility

Note: Please keep updating to latest operating system(s) / software formaximum compatibility. Compatibility (Using Chrome browser

Registration

Google 2-Step Verification

Note: The following registration process can only be done on PC over USB connection.

Log in to your Google account with a Chrome core based browser on a computer;
Click “My account” -> “Sign-in & Security” -> “2-Step Verification”;

3. Click “Add Security Key” and follow the instruction to complete the registration;

4. You will be informed to insert your ePass FIDO® Security Key during the registration process;

5. Click / touch the button to proof the user presence when the authentication indicator blinks. Your registration will complete in a moment.

RegistrationGoogle Advanced Protection Program

Note: The following registration process can only be done on PC over USB connection.

Access the home page of Advanced Protection Program with a Chrome core based browser on a computer at: https://landing.google.com/advancedprotection/
Click “GET STARTED” and you will see a page as shown below;
Get 2 security keys ready and click “I HAVE 2 SECURITY KEYS”; Note: The brand and token model recommended in this page are not mandatory. Any FIDO® U2F certified security can be used for Google Advanced Protection. However, to maximize the compatibility, using the token shown in the page is highly recommended.
You will be required to enter your password again;
The registration process starts as shown below. Register the security key one by one and click “CONTINUE”;
Read and confirm the notifications about Advanced Protection Program and click “TURN ON”. Your registration will complete in a moment.

Authentication

Via USB

Log in to your Google account with a Chrome core based browser on a computer using your account and password.You will be informed to insert your registered ePass FIDO® Security Key during the authentication process;
Click / touch the button to proof the user presence when the authentication indicator flashes;
Your authentication will complete in a moment.

Note: Please do take your ePass FIDO® Security Key with you all the time in case you’re asked to do the authentication procedure again.

Authentication Via Bluetooth

Note: Bluetooth authentication only works for MultiPass FIDO®.

2. Follow the instruction on your mobile device. You will be asked to present your registered MultiPass FIDO® Security Key. Please make sure Bluetooth of the mobile device is turned on;

3. You need to pair your registered MultiPass FIDO® Security Key first when using it on your mobile device for the very first time. Click “More options” -> “Pair a new security key” -> “Next” to start pairing procedure;4. Press and hold the button on your registered MultiPass FIDO® Security Key for over 5 seconds to active Bluetooth Pairing Mode, a blue indicator shall flash;

5. Select your registered ePass FIDO® Security Key from the Bluetooth Device List. The Bluetooth Device ID of your Security Key is a 6-letter alphabetic name printed on the back of it;

6. Input the 6-digit muneric Passcode printed on the back of your Security Key and click “Pair”;7. Pairing procedure and your first-time authentication on this mobile device will complete in a moment. Now you can login to any Google Service app on this mobile device with your account for a certain period wihout being asked to do the authentication procedure again.

Note: After this certain period, you will be asked to authenticate you to this mobile device again. Please do take your MultiPass FIDO® Security Key with you all the time in case you’re asked to do the authentication procedure again.

8. When you’re asked to authenticate yourself on a paired mobile device again, present your registered ePass FIDO® Security Key. Please make sure Bluetooth of the mobile device is turned on;

9. Click the button on your MultiPass FIDO® Security Key to complete the authentication, a green indicator shall flash;

10. Your authentication will complete in a moment.

Authentication Via NFC

Note: NFC authentication only works on android devices.

Make sure your Google Play services is up to date, then go to “Settings” -> “Account” -> “Add Account” -> “Google Account”;
Follow the instruction on your mobile device. You will be asked to present your registered ePass FIDO® Security Key. Please make sure NFC of the mobile device is turned on;
Tap your registered ePass FIDO® Security Key to the mobile device’s NFC sensor to complete the authentication;
Your authentication will complete in a moment.

Note:After a certain period, you will be asked to authenticate you to this mobile device again. Please do take your ePass FIDO® Security Key with you all the time in case you’re asked to do the authentication procedure again.

FAQ

Q: How can I pair MultiPass FIDO® Security Key with my iPhone? A: iPhone does not allow the Security Key to be paired over the Bluetooth setting page directly. You need to download the application “Smart Lock” from app store and use the “Smart Lock” to pair the Security Key.

Q: Can I use MultiPass FIDO® Security Key on PC over Bluetooth? A: Most of the FIDO® U2F PC applications rely on HID interface which Bluetooth is not compatible with that. Please use the token on PC over USB interface. A U2F Bluetooth adapter will be released soon. This adapter will allow you to use the MultiPass FIDO® on PC over Bluetooth.

Q: What browsers support FIDO® U2F Security Key? A: Chrome and Chrome core based browsers (Such as Epic browser), Firefox. The support of other browsers will come soon.

Q: Can I install my own applet into the JAVA Smart Card inside MultiPass FIDO® Security Key? A: Standard product does not allow modification on the JAVA Smart Card. Installing customized application will need placing a customization order to FEITIAN.

Q: What applications support FIDO® U2F Security Key? A: The applications support FIDO® U2F include but not limited to: Google, Facebook, Dropbox, GitHub, Dashlane, DUO, StrongAuth etc.

Q: How long is the battery life? A: The MultiPass FIDO® Security Key can be used for around 3 months for each full charging (Assuming using Bluetooth authentication 10 times / day).

Q: What to do if I lost my Security Key? A: Different applications provide different solutions for key recovery. Such as Google is using SMS OTP as alternative 2-step verification method while Facebook is using recovery codes. Please kindly check with your service provider about the security key recovery methods.

Q: Can I register a Security Key over my smart phone? A: You can always authenticate the security key with your mobile devices, but registration can only be done from a non-mobile device with Chrome and other U2F supported browsers.

Q: What app do I need to install for using the MultiPass FIDO® Security Keyon my Android phone? A: Nothing. Just be sure that the google play services and chrome browser are up to date.

Q: How can I know the battery is fully charged? A: Charging process starts automatically when USB cable is plugged in. A red indicator will be lit during charging process, and goes off when the Security Key is fully charged.

Q: Why the key is not working properly in Linux? A: In Linux, there should be a rules file for using U2F keys.Follow the following step to setup the rules file:

Download “70-u2f.rules” fromhttps://ftsafe.com/services/Resources.
Copy the downloaded file into /etc/udev/rules.d/ (You may need to use sudo mode).
Restart the system