What is a SOLID webKey?

SOLID webKey securely stores up to 2000 passwords in a convenient and portable ‘key’ that you can wear on your keyring, or keep in your purse or wallet. We provide a free password manager application for use with SOLID webKey, this allows you to easily change all your passwords to strong, extremely hard to guess passwords. All you need to remember is one master password that unlocks your SOLID webKey.

In addition to storing old-fashioned passwords, the SOLID webKey also supports the FIDO U2F standard. You can register the SOLID webKey on any number of websites. As long as the browser you use supports U2F and the website supports the U2F standard, you can use your SOLID webKey as a strong but convenient second-factor authentication device.

How does the SOLID webKey work?
U2F operation:

Register your SOLID webKey on sites that support U2F. You may need to search for FIDO U2F support. On most websites, the registration can be done after second-factor authentication has been enabled, then choose "add security key".

Password Storage / Vault:

The SOLID webKey can be used as a Password Vault to store up to 2000 password entries. Each password entry can contain additional information such as the username and URL of the website. To manage the passwords on the SOLID webKey, we have adapted KeePass, an open source Password Manager application that you can download from our website. Go to the Download section to install the password manager application./p>

How does the SOLID webKey protect my identity?
  • Passords have many problems, so, unfortunately, the product cannot fully remedy the underlying flaws in passwords. Our aim is to help users overcome these problems.
  • The SOLID webKey and associated Password Manager does, however, make it much for difficult for hackers by making it easy to follow the recommendations regarding passwords.
  • The Password Manager allows you to choose very long and hard to guess passwords.
  • The SOLID webKey makes it easy for you to store these long, hard to crack passwords on a convenient key.
  • These passwords are never stored on your PC or in the cloud, reducing the attack surface significantly.
  • The passwords are only released when a real person taps the button, making it very hard for Trojan software or Malware to grab all your passwords.
  • Even if one password is compromised, all your other passwords are still secure.
  • On sites that support it, you can also add second-factor authentication.
  • If a site supports U2F you can use the SOLID webKey as a second-factor authentication key.
How SOLID webKey's U2F feature guards against Phishing

SOLID webKey supports the FIDO U2F protocol, designed to counter phishing attacks by using a cryptographically generated password that changes with every login.What is Phishing? Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in an electronic communication like email, SMS. WhatsApp etc. This information is then usually used to commit acts of fraud.

Even if you have generated an incredibly strong password using our password manager, a hacker might still trick you into entering this password on a Phishing website that looks like the real thing. This means that passwords on their own – even strong ones – are simply not good enough.

That’s why a growing number of websites are now offering FIDO U2F second factor authentication. In addition to the (regular) password database stored on the SOLID webKey, it’s also possible to register the SOLID webKey as a second-factor security key to authenticate selected online accounts.

What Is U2F and why do I need It?

U2F stands for Universal Second Factor. Basically, this means that your accounts are protected by two-factor authentication.

The 1st factor is creating a password in order to log into your account. This does not protect your personal information very well, as anyone who knows the password can access your account.

The 2nd factor provides a second, much more secure layer of security to your accounts. Think of doing an electronic bank transaction. Your bank will send you a message via SMS or email providing a security code that you need to authenticate the transaction.

What is the SOLID webKey password manager?

The webKey Password Manager (also called SOLID KeePass) is an adapted version of the excellent KeePass open source password manager. The application requires Windows 7 and above and can be installed from our website.

What if my SOLID webKey is lost or stolen?

Your passwords are safe as long as the thief does not have your Master Key. You will have to reset your passwords using the mechanisms provided by the various websites you have registered.

What is the process to return a SOLID webKey for any reason?

Send an email to solid-marketing@parsec.co.za for authorization.

What is a U2F standard and does SOLID webKey comply?

According to Wikipedia: Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication using specialised USB or NFC devices based on similar security technology found in smart cards.

https://en.wikipedia.org/wiki/Universal_2nd_Factor

The SOLID webKey complies to version 2.0 of the standard.

What benefits does the U2F standard compliance provide?

It allows you to use SOLID webKey on any site that provides standard U2F support. This includes Google, Facebook, DropBox, Github and others.

Will SOLID webKey work on my PC or Mac?

The U2F support will work on any operating system as long as the browser you use supports U2F and you have a USB port.

The Password Manager application is currently only supported on Windows. If you would like to request other operating system support, please send an email to solid-marketing@parsec.co.za

Now that I use the SOLID webKey, should I use the "remember Password" feature in my browser?

Our recommendation depends on your situation:

  1. With SOLID webKey, it is best to disable this feature so that all passwords will from now on be stored on the webKey’s vault.  It is also recommended to delete all saved passwords in your browser as you migrate all your passwords to the webKey./li>
  2. For critical website (banking email etc), be sure to disable this feature.
  3. If you are always using strong passwords generated by SOLID KeePass and the site that you are accessing is non-critical - it might be convenient to use the feature. Just be vigilant, your habits will often trump security.
  4. If you the password is stored in the SOLID KeePass database, but you are accessing the site on a mobile device that does not support SOLID webKey:. 
    • Enter the password manually and remember it on your mobile device. 
    • Make sure that the password is strong and unique.
  5. If you are using U2F on a non-critical site, it is relatively safe to allow the browser to remember your strong password, since you will still need the SOLID webKey for the second factor.
After registering on Facebook the site does not ask for SOLID webKey

This is the way Facebook implemented their U2F support. You may be able to force Facebook to request your U2F Security Key by clearing the cache in your browser.