eSecu FIDO2 Fingerprint Key User Manual
(V1.4)

Excelsecu Data Technology Co., Ltd.
www.excelsecu.com

CONFIDENTIAL information of Excelsecu Data Technology Co., Ltd.

NO WARRANTIES OF ANY NATURE ARE EXTENDED BY THIS DOCUMENT. Any product and related material disclosed herein are only furnished pursuant and subject to the terms and conditions of a duly executed Program Product Licence or Agreement to purchase or lease equipment. The only warranties made by Excelsecu Technology, if any, with respect to the products described in this document are set forth in such Licence or Agreement. Excelsecu Technology cannot accept any financial or other responsibility that may be the result of your use of the information or software material, including direct, indirect, special or consequential damages.

You should be careful to ensure that the use of this information and/or software material complies with the laws, rules, and regulations of the jurisdictions with respect to which it is used.

All rights reserved.
Copyright 2019 Excelsecu Data Technology Co., Ltd.

Table of Contents

1. Important Instructions
2. Product Overview
3. Product Picture
4. Basic Operation of FidoFpTools
   4.1. Fingerprint enrollment
   4.2. Test Fingerprint
   4.3. Remove Fingerprint
   4.4. Set PIN
   4.5. Reset Device
5. The Basic Operation of FIDO2 Fingerprint Key
   5.1. Register (First Time Only)
   5.2. Signing-In (After Completing Registration)
6. How to use FIDO2 Fingerprint Key with Microsoft for passwordless login
   6.1. Register the FIDO2 Fingerprint Key
   6.2. Sign in with FIDO2 Fingerprint Key
7. How to use FIDO2 Fingerprint Key with Google for 2-Step Verification
   7.1. Register the FIDO2 Fingerprint Key
   7.2. Sign in with FIDO2 Fingerprint Key
8. FAQ
   8.1. How do I install the FIDO2 Fingerprint Key to my computer?
   8.2. I have two Gmail accounts. How many FIDO2 Fingerprint Keys do I need to protect two Gmail accounts? Do I need 2 keys?
   8.3. What should I do if I lost my FIDO2 Fingerprint Key?
   8.4. Does this FIDO2 Fingerprint Key have NFC capabilities?
   8.5. Does this FIDO2 Fingerprint Key have Bluetooth capabilities?
   8.6. What applications support FIDO2 Fingerprint Key?
9. Product Specs

1. Important Instructions

Thank you for using eSecu FIDO2 Fingerprint Key!
Please read this manual before operating your eSecu FIDO2 Fingerprint Key (FIDO2 Fingerprint Key for short) and keep it for future reference.

2. Product Overview

eSecu FIDO2 Fingerprint Key is a hardware authenticator developed by Excelsecu that complies with the FIDO2 and FIDO U2F standards. With an eSecu FIDO2 Fingerprint Key, users no longer have to remember and type passwords, and have less reason to worry about their account information being stolen through phishing, hacking or viruses. It uses private/public key (asymmetric) cryptography to provide strong authentication and can be used on FIDO2-enabled or U2F-enabled services and applications as a factor in two-factor authentication, multi-factor authentication or passwordless authentication.

3. Product Picture

The key has the following lighting states:
Steady red light: the FIDO2 Fingerprint Key is inserted in the computer's USB port, or fingerprint verification failed.
Flashing red light: a touch is needed.
Flashing green light: fingerprint enrollment, or fingerprint verification is needed.
Steady blue light: long press the button for 5 seconds to enter the Bluetooth pairing mode for the first time. After pairing succeeds, the steady blue light turns to a flashing blue light.
Flashing blue light: short press the button to enter the Bluetooth mode.

4. Basic Operation of FidoFpTools

4.1. Fingerprint enrollment

A fingerprint must always be enrolled before the FIDO2 Fingerprint Key is used.

1. Launch FidoFpTools.exe as administrator, and plug the FIDO2 Fingerprint Key into the PC.
2. Click Add Fingerprint. Add the fingerprint according to the prompt.
   Note: If you have set a PIN before, you need to verify the PIN before adding the first fingerprint. If you have added a fingerprint before, you need to verify the fingerprint before adding another fingerprint.
3. After the fingerprint is successfully enrolled, a fingerprint is listed in the text box.
4. You can then test the fingerprint, remove enrolled fingerprints, change an enrolled fingerprint's name and set a PIN via Excelsecu FidoFpTools to enjoy a secure authentication experience.

4.2. Test Fingerprint

1. Click Test Fingerprint, and follow the instructions. The key flashes green, and you are required to verify the fingerprint.

Warning:
For security reasons, the key is blocked if the user fails to verify the fingerprint 15 times in a row (3 times per retry × 5 retry counts). The user can only unlock it by resetting the device (all stored data will be lost).

4.3. Remove Fingerprint

Make sure to choose the right fingerprint to delete (f2 is used as an example here). Before the fingerprint is deleted, you need to verify the fingerprint first (the green light of the key flashes at this time). After verification, the fingerprint is removed.

4.4. Set PIN

Set the PIN and then click OK. Numbers, letters and special symbols are supported. The PIN must be 4 to 63 characters long.

Note: If you set a PIN before adding a fingerprint, you need to verify the PIN before adding the first fingerprint. If you have added a fingerprint before, you are required to verify the fingerprint while setting the PIN. After the PIN is set, the Set PIN button turns gray and becomes unavailable.

4.5. Reset Device

Click Reset Device. The key flashes red, and you need to touch the key.

Warning:
When you reset your device, all stored data is deleted, including your credentials.

5. The Basic Operation of FIDO2 Fingerprint Key

5.1. Register (First Time Only)

1. Enter the username and password to log in to any application that supports FIDO U2F/FIDO2.
2. Insert the FIDO2 Fingerprint Key into a USB-A port.
3. Add the FIDO2 Fingerprint Key to your account(s).

5.2. Signing-In (After Completing Registration)

1. Open the website you want to log in to.
2. Enter your usual username and password (for U2F-enabled services).
3. Connect the registered FIDO2 Fingerprint Key to your computer.
4. Authenticate with a simple press of the fingerprint module.

5.3. Signing-In (After Completing Registration)

1. Open the website you want to log in to.
2. Enter your usual username and password (for U2F-enabled services).
3. Connect the registered FIDO2 Fingerprint Key to a mobile device (Bluetooth mode) or PC (USB mode).
4. When prompted, authenticate with a simple touch of the fingerprint module to sign in.

5.3.1 Bluetooth Pairing Mode (First Time Only)

1. Long touch the metal edge of the sensor for 5 seconds to enter the Bluetooth pairing mode for the first time. The indicator light is steady blue. If no pairing request is received within 60 seconds, the indicator light goes out and the FIDO2 Fingerprint Key exits Bluetooth pairing mode.
2. Scan for Bluetooth devices on your client side (e.g. a smartphone). Connect to the device that has the same SN as printed on the back of the FIDO2 Fingerprint Key.
3. Input the 6-digit PIN printed on the back of the FIDO2 Fingerprint Key. When pairing succeeds, the blue light should start blinking.
4. When an authentication request is received, the light blinks red. Place your finger on the sensor to verify and complete the authentication. For security purposes, the FIDO2 Fingerprint Key is forced to shut down after 60 seconds.

5.3.2 Bluetooth Mode (Paired Before)

1. Touch the metal edge of the sensor to enter the Bluetooth pairing mode. The indicator light blinks blue.
2. When an authentication request is received, the light blinks red. Place your finger on the sensor to verify and complete the authentication. For security purposes, the FIDO2 Fingerprint Key is forced to shut down after 60 seconds.

5.3.3 USB Mode

1. Insert the registered FIDO2 Fingerprint Key into the computer's USB port. The indicator light stays red.
2. When an authentication request is received, the light blinks red. Place your finger on the sensor to verify and complete the authentication.

5.3.4 NFC Mode

1. Make sure NFC is turned on in the mobile device.
2. Tap your registered FIDO2 Fingerprint Key on the NFC sensor of the mobile device when it asks for a security key.
3. When an authentication request is received, the light blinks red. Place your finger on the sensor to verify and complete the authentication.

6. How to use FIDO2 Fingerprint Key with Microsoft for passwordless login

You need to use the Edge browser and the Windows 10 operating system, and the system version must be 1809 or above. We recommend adding a fingerprint (FP) and a PIN to the FIDO2 Fingerprint Key before using it. The table below shows the features in the key and the corresponding operations required of you.

Features in the key: Fingerprint Only
Add key to Microsoft account / Sign in with the key:
   Only the FP needs to be verified.
   If the FP passes, adding the key/signing in succeeds.
   If the FP does not pass, adding the key/signing in fails.

Features in the key: Fingerprint + PIN
Add key to Microsoft account / Sign in with the key:
   First, verify the FP.
   If the FP passes, adding the key/signing in succeeds.
   If the FP does not pass, the PIN must be verified.
   If the PIN passes, touch the key, and adding the key/signing in succeeds.
   If the PIN does not pass, adding the key/signing in fails.

Features in the key: PIN Only
Add key to Microsoft account / Sign in with the key:
   Only the PIN needs to be verified.
   If the PIN passes, touch the key, and adding the key/signing in succeeds.
   If the PIN does not pass, adding the key/signing in fails.

Features in the key: No PIN or no Fingerprint
Add key to Microsoft account:
   You are first asked by Windows Security to set a PIN for the key.
   After the PIN is set, touch the key, and adding the key succeeds.
Sign in with the key:
   Only the PIN needs to be verified.
   If the PIN passes, touch the key, and signing in succeeds.
   If the PIN does not pass, signing in fails.

Here we take Fingerprint + PIN as an example to show how to use the FIDO2 Fingerprint Key with Microsoft for passwordless login. You can refer to Chapter 4.1 to enroll the fingerprint.

6.1. Register the FIDO2 Fingerprint Key

1. Click My Microsoft account after signing in.
2. Select Security.
3. Click more security options.
4. You will be asked to verify your identity.
5. After the verification is passed, enter the Additional security options page, and click Set up a security key under Windows Hello and security keys.
6. Identify what type of key you have (USB or NFC) and click Next.
7. Insert your key into the USB port and touch your key to verify the fingerprint when the key flashes green.

Note:
If the fingerprint verification fails and you have set a PIN for the key, you will be asked to verify the PIN of your key. After the PIN is verified, the key flashes red, and you are required to touch the key. If the fingerprint verification fails and you haven't set a PIN for the key, for security reasons the key is blocked if you fail to verify the fingerprint 15 times in a row (3 times per retry × 5 retry counts). You can only unlock it by resetting the device (all stored data will be lost).

8. Name your FIDO2 Fingerprint Key, and the registration is finished.

6.2. Sign in with FIDO2 Fingerprint Key

1. Click Sign in.
2. Click Sign in with a security key.
3. Insert your key into the USB port and touch your key to verify the fingerprint when the key flashes green.

Note:
If you have set a PIN for the key and the fingerprint verification fails, you will be asked to verify the PIN of your key. After the PIN is verified, the key flashes red, and you are required to touch the key. If you haven't set a PIN for the key, for security reasons the key is blocked if you fail to verify the fingerprint 15 times in a row (3 times per retry × 5 retry counts). You can only unlock it by resetting the device (all stored data will be lost).

4. You are signed in successfully.

7. How to use FIDO2 Fingerprint Key with Google for 2-Step Verification

7.1. Register the FIDO2 Fingerprint Key

Register the FIDO2 Fingerprint Key with your Google account to make it the second authentication factor.

1. Log in to the website https://www.google.com/ and click Login in the top right corner. Enter your account name and password.
2. Once you have successfully logged in, click on your Google Account.
3. Select Security -> 2-Step Verification.
4. You will be asked to log in again.
5. Click ADD SECURITY KEY.
6. Click NEXT to continue.
7. You will be prompted to insert your FIDO2 Fingerprint Key into a USB port.
8. When the red light of the key is flashing, you are required to touch the key. Press the fingerprint module on the FIDO2 Fingerprint Key.
9. Rename the FIDO2 Fingerprint Key and click DONE to finish.
10. The FIDO2 Fingerprint Key becomes the default second authentication factor of your account. You will be asked to use it to complete 2-Step Verification when you sign in to Google in the future.

7.2. Sign in with FIDO2 Fingerprint Key

1. Log in to the website https://www.google.com/ and click Login in the top right corner. Enter your account name and password, then click Next.
2. You will be prompted to insert your FIDO2 Fingerprint Key into a USB port. When the red light of the key is flashing, press the fingerprint module on the FIDO2 Fingerprint Key.
3. Click Next to log in.

Note:
By default, "Don't ask again on this computer" is checked. With the box checked, the next login skips two-step verification and logs in directly with the user name and password. To restore the use of two-step verification, undo the trusted devices in settings: click Revoke All to clear the trusted devices.

8. FAQ

8.1. How do I install the FIDO2 Fingerprint Key to my computer?

Answer: You don't need to install it; it's plug and play. It works with Windows, macOS, Linux and Chrome OS.

8.2. I have two Gmail accounts. How many FIDO2 Fingerprint Keys do I need to protect two Gmail accounts? Do I need 2 keys?

Answer: You can use one FIDO2 Fingerprint Key with multiple accounts, but that is not recommended. Regardless of whether you're protecting one Gmail account or two, you should register multiple keys (if the service allows it). That way, if you lose your key, or it's damaged, or it's stolen, you will still have a backup key ready to use.

8.3. What should I do if I lost my FIDO2 Fingerprint Key?

Answer: Just go to the website where your key is registered. On the 2-step verification tab or a similar tab, delete the device. Two FIDO2 Fingerprint Keys are recommended, one for normal use and the other for backup.

8.4. Does this FIDO2 Fingerprint Key have NFC capabilities?

Answer: No

8.5. Does this FIDO2 Fingerprint Key have Bluetooth capabilities?

Answer: No

8.6. What applications support FIDO2 Fingerprint Key?
Answer: Applications that support FIDO U2F/FIDO2 include, but are not limited to: Google, Microsoft, Facebook, Dropbox, GitHub, Salesforce, Dashlane, etc.

9. Product Specs

Product: eSecu FIDO2 Fingerprint Key
System: Windows, macOS, Linux
Browser: Edge, Chrome, Firefox, Opera, Safari
Functions: FIDO U2F, FIDO2, OATH HOTP (optional)
Algorithm: SHA256, AES, HMAC, ECDH, ECDSA
Size: 63.7x19x11.6 (mm)
Interface: USB-A
Protocol: CTAPHID, HID Keyboard
Data Retention: 20 years
Rewrite Cycle: 100,000 times
Operating Voltage: 5V ±10%
Operating Current: Max <40mA
FP Sensor Resolution: 508dpi
Verification Time: <1s
False Accept Rate: < 0.001%
False Reject Rate: < 1%
Storage: 30 fingerprints
Operating Temperature: -10~60 °C
Storage Temperature: -20~60 °C
Indicator Light: 2 LED (Red, Green)
Material: AL, PC
Certificate: CE, FCC, RoHS, WEEE, FIDO2 L1

FCC STATEMENT:
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and
(2) This device must accept any interference received, including interference that may cause undesired operation.

Warning: Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

NOTE: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.

FCC Radiation Exposure Statement:

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20cm between the radiator and your body.