TrustKey T110

The TrustKey T110 provides a plethora of options for authenticaiton, including HOTP and TOTP, resident SSH keys, and more, but is hampered by a convoluted management application.

Vendor Website Purchase from TrustKey Purchase on Amazon

TrustKey T110

FIDO2 Certification

Has been certified by the FIDO Alliance as conforming to FIDO2 standards

More Info

FIDO L1 Certification

Certified by the FIDO Alliance to meet L1 Security Standards

More Info

HOTP passwords

Supports Hashed One-Time-Password generation

More Info

Management Application

Vendor provides applications that extend or configure the device

MacOS management application

Management application runs on MacOS

Windows management application

Management application runs on Windows

Resident Cryptographic Keys

Supports U2F/WebAuthn discoverable/resident authentication keys

More Info

Resident ECDSA keys

Supports ECDSA discoverable keys

Timed OTP passwords

Supports Time-based One-Time-Password generation

More Info

U2F Authentication

Conforms to the U2F Authenticator/WebAuthn standard

More Info

From its feature list, the TrustKey T110 would look like a perfect replaceement for Yubico’s Yubikey. On the surface, that’s correct, but features alone are deceiving.

HOTP and TOTP

Accessing HOTP and TOTP values is done through an application, the TrustKey Key manager, that runs on either MacOS or Windows. This application has three main functions:

• Adding/removing up to 50 TOTP/HOTP applications from the token
• Putting the generated TOTP/HOTP values in applications
• Setting the PIN and factory resetting the token

SSH

The TrustKey T110 does support SSH Resident keys, but requires a PIN to be set before the SSH key is added. Failure to do so will result in the key saying it accepted the resident key, but silently dropping it.