Token2 PIN+ Series: Enhanced FIDO2 Security Keys


Token2 is excited to announce the start of the mass production of their revolutionary PIN+ series, a line of FIDO2 Security keys. These security keys feature advanced PIN complexity rules that set a new standard for security. The firmware development for the PIN+ series is now complete, and the company is currently making preparations for mass production.

The first devices from the PIN+ series are already available for purchase on Token2's web shop. Showcased on FIDO Alliance's website, these groundbreaking FIDO2 keys offer enhanced PIN complexity rules, surpassing even competitors with FIPS certification. Token2's PIN+ series raises the bar for security and provides superior performance.

The PIN+ series will be offered in three different form factors: USB-A, USB-TypeC, and a Dual-port design that includes both Type A and Type C ports. All three models will come equipped with an NFC chip on board, further enhancing their functionality and versatility.

PIN+ keys implement specific complexity rules for both numeric and alphanumeric PINs. Here are the rules explained:

For numeric PINs:

  • The minimum length of the PIN must be 6 digits. It can be increased using a tool, but it cannot be decreased. The lowest possible minimum length is 6 digits.
  • Sequential numbers in ascending or descending order are not allowed. For example, 123456 or 654321 are not valid PINs. Similarly, repeated digits like 111111 are also not allowed.
  • "Mirror" or palindrome numbers such as 321123 or 69233296 are not allowed.
  • There should not be more than 3 repeating digits out of the 6 digits. For instance, 111123 or 990000 are not permitted.

For alphanumeric PINs:

  • The minimum length of the password must be 10 characters.
  • The password must contain characters from at least two of the following four categories:
      • Uppercase characters A-Z (Latin alphabet)
      • Lowercase characters a-z (Latin alphabet)
      • Digits 0-9
      • Special characters (!, $, #, %, etc.)

These complexity rules ensure a higher level of security and prevent the use of easily guessable or weak PINs or passwords. Note that the goal of these rules is not to prevent brute-force attacks: standard FIDO2 keys, including PIN+ keys, typically allow only a limited number of attempts, usually around 8, before they enforce additional security measures, such as temporary lockouts or the need to reset the key.

In the table below, we present examples of numeric PIN codes to illustrate which ones would be accepted or rejected by our PIN+ keys, as well as the FIPS series of our competitor. This serves as a useful comparison:

Numeric PIN Code    PIN+ Keys    Competitor's FIPS Series*
1234                Rejected     Rejected
123456              Rejected     Accepted
654321              Rejected     Accepted
111111              Rejected     Accepted
987654              Rejected     Accepted
147852              Accepted     Accepted
321123              Rejected     Accepted

*The only PIN complexity requirement for the FIPS series is a minimum length of 6 digits.
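The rules and table above can be expressed as a small checker. This is an added example, not Token2's firmware or online tool. It assumes that all-digit PINs fall under the numeric rules, that "sequential" means the whole PIN is one consecutive run, that "repeating" means any digit occurring more than 3 times, and that special characters are those in Python's `string.punctuation`.

```python
import string
from collections import Counter

MIN_NUMERIC = 6        # page: numeric PINs need at least 6 digits
MIN_ALPHANUMERIC = 10  # page: alphanumeric PINs need at least 10 characters
# Assumption: "special characters (!, $, #, %, etc.)" maps to string.punctuation.
CATEGORIES = (string.ascii_uppercase, string.ascii_lowercase,
              string.digits, string.punctuation)


def _is_consecutive_run(pin: str) -> bool:
    """True if each digit is exactly +1 (or each exactly -1) from the previous."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})


def check_pin(pin: str) -> list[str]:
    """Return the violated rules; an empty list means the PIN is accepted."""
    problems = []
    if pin.isascii() and pin.isdigit():
        # Assumption: an all-digit PIN is judged by the numeric rules.
        if len(pin) < MIN_NUMERIC:
            problems.append("too short")
        if _is_consecutive_run(pin):
            problems.append("sequential")
        if pin == pin[::-1]:
            problems.append("palindrome")
        # Assumption: "more than 3 repeating digits" counts occurrences
        # anywhere in the PIN, not only adjacent ones.
        if max(Counter(pin).values()) > 3:
            problems.append("repeated digit")
        return problems
    if len(pin) < MIN_ALPHANUMERIC:
        problems.append("too short")
    used = sum(any(c in cat for c in pin) for cat in CATEGORIES)
    if used < 2:
        problems.append("fewer than two character categories")
    return problems


if __name__ == "__main__":
    # PINs taken from the rules and the comparison table on this page.
    for pin in ("1234", "123456", "654321", "111111", "987654",
                "147852", "321123", "69233296", "111123", "990000"):
        reasons = check_pin(pin)
        verdict = "Rejected: " + ", ".join(reasons) if reasons else "Accepted"
        print(f"{pin:<10}{verdict}")
```
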

See it in action!
We created an online tool that emulates the complexity check implemented on our PIN+ firmware.

Please note that the examples provided are for illustrative purposes only and do not cover the entire range of possible PIN codes. The comparison showcases how our PIN+ keys apply the complexity rules to determine acceptance or rejection of specific numeric PIN codes, and the same evaluation is done for the competitor's FIPS series.

By analyzing these examples, you can see the effectiveness of our PIN+ keys in enforcing robust PIN complexity rules, ensuring higher security standards compared to the competitor's FIPS series.

The PIN+ series also has additional features, such as ed25519_sk support and a serial number printed on the casing to simplify inventory management.

Did you know?

Token2 is currently offering the most secure FIDO2 keys for enterprise customers, known as the PIN+ Series FIDO2 keys. These keys, certified by the FIDO Alliance, enforce PIN complexity at the firmware level. This unique feature is not available with other keys, even those marked as FIPS-certified.