LOGBOOK

HELP

Quiz Entry - updated: 2026.07.06

Besides built-in platform authenticators, what hardware can act as a passkey/FIDO2 authenticator, and how can it also serve as a second factor?

A dedicated FIDO2 security key (a special USB stick, from ~30 euros as reported by the German computing magazine c't in 2023) can store passkeys; even on sites that don't support full passkey login, such a key can be registered as a phishing-resistant second factor.

The coverage in c't (a respected German computing magazine published by Heise) describes several authenticator options beyond the device's own chip:

  • FIDO2 security keys ("Sicherheitsschlüssel") — USB sticks built specifically for FIDO2/WebAuthn, the classic cross-platform/roaming authenticator.
  • A smartphone linked via QR code, or a password manager acting as the authenticator.

Even where a service hasn't enabled passwordless login, you can often add a FIDO2 key as a second factor. Note c't's caveat: in that mode you're not passwordless — you still need your password plus the key, so it's 2FA, not a full passkey replacement.

Tip: Same physical key, two roles: a full passwordless passkey on supporting sites, or a strong phishing-resistant 2FA on sites that still want a password.

From Quiz: INTROL / Web Authentication: Cookies, OAuth 2.0 / OIDC & WebAuthn | Updated: Jul 06, 2026