To bring future ready encryption everywhere, for everything, and for everyone.
It all started with a successful 2016 Kickstarter where we made OnlyKey, the perfect combination of security and convenience for managing secure passwords and two-factor authentication. We exceeded our goal 3x over and, one year later, OnlyKey Color is shipping worldwide.
Now, we are at it again and ready to take on the next challenge: Secure Encrypted Communication.
Current solutions for secure encrypted communication typically fall into one of three categories.
1) Web-based with *private key stored in the cloud or browser.
Examples: Protonmail, keybase.io, Mailvelope
2) App-based with *private key stored on the device.
Examples: Signal, WhatsApp, Telegram, Keybase App
3) Software-based with *private key stored offline (smart card or token).
Examples: GnuPG, Thunderbird, Apple Mail / GPGTools
*A private key is essentially what is needed to view encrypted messages sent to you and to sign messages saying they are from you. If this key is compromised a hacker can send messages that appear to be from you and view all of your encrypted messages (Game over).
How secure are current solutions?
High – If your device gets hacked the key is inaccessible in offline storage.
OnlyKey Quantum creates a new category - Web-based, App-based, or Software-based with High security.
Why a new category?
TL;DR – OnlyKey is a high security device that does not require a complicated software install (like all other high security devices do), making it available for non-technical users as well as being powerful enough for technical users.
If you have ever tried to communicate securely online you would probably not describe the experience as convenient. So far, no other solution works practically everywhere or with everything. If it’s convenient, you are probably using an app and it may not be as secure as you think (see Medium and Low security). If it’s really secure you are probably using a smart card or token and it’s a hassle to set up or use on-the-go.
How is OnlyKey different from other smart cards/tokens?
Unlike other smart cards and tokens OnlyKey utilizes the U2F protocol to allow support on any browser that supports U2F. This provides the same security benefits of a smart card or token without the hassle.
In addition to not being complicated like smart cards and tokens, OnlyKey also has additional security benefits.
Instead of unlocking the device by typing a pin code on the keyboard where it can be intercepted, the OnlyKey pin code is entered on the device itself, offline.
For messages, OnlyKey requires a confirmation code to be entered on the device. So unlike smart cards and tokens, if OnlyKey is left plugged into a compromised computer, the messages are secure.
This user presence prevents hackers, intelligence agencies or malware from accessing encrypted messages or impersonating a user.
Encryption Everywhere On-the-Go
It works practically everywhere and with everything.
ALL YOU NEED IS AN ONLYKEY AND A BROWSER TO COMMUNICATE SECURELY ON THE GO
We are even building an Android app to support encryption in Chrome or Firefox for Android.
Encryption for Everyone
We are making the world's first universal encryption device that is future ready and works practically anywhere, with no typing commands or difficult set-up required. Plug it in and it works. It’s designed with the perfect balance of convenience and security in mind.
Encryption for Everything In-the-Browser
IT WORKS SEAMLESSLY - JUST HIGHLIGHT TEXT TO ENCRYPT
Sometimes you just need to send a secure message to a friend or coworker quickly and easily, or read an encrypted PGP message they sent you. With other secure devices that keep your key safe offline you will need to install a lot of complicated software, which may not even be an option if you are using a work computer where you are not allowed to do that. Using our OnlyKey Chrome extension, you can encrypt text in the browser simply by adding an extension to your browser.
Then just highlight text to encrypt. To make this even easier you can add a list of friends (using Keybase) to whom you'd like to send encrypted messages. The message is encrypted and signed by your OnlyKey, and the encrypted text is sent over the chat or email of your choice. When your friend receives the message, they decrypt it with their OnlyKey or a different OpenPGP-compatible solution.
See OnlyKey BrowserCrypt in action: using the popular messenger Slack, we can encrypt and decrypt messages right in the browser.
SEND ENCRYPTED MESSAGES BY FACEBOOK OR TWITTER HANDLE
Keybase provides an open source API that allows looking up your friends by Facebook, Twitter, or email address. This allows us to make sending an encrypted message easier than ever. It also helps prevent accidentally sending an encrypted message to someone you think is your friend but is an imposter. Identity is a hard thing to prove online. Keybase provides proof that the person you are communicating with owns a certain Twitter handle, Facebook account, etc. One of the most important parts of secure communication is verifying the identity of the person with whom you are communicating, and Keybase has created a secure and easy way to do just that.
Now to communicate securely your friend can just look you up by your Facebook or Twitter username to send you a secure message through our apps.
ONLY YOU CAN DECRYPT YOUR MESSAGES WITH ONLYKEY
OnlyKey is PIN protected so only you can unlock your OnlyKey to read decrypted messages. OnlyKey also requires user physical touch (a 3-digit challenge code) to decrypt each message, so it takes a person (user presence) to decrypt messages with OnlyKey. This is notably different than secure messaging apps, tokens, or smartcards. With secure messaging apps, a hacker or intelligence agency that installs malware on a phone or laptop can read all of your messages without requiring user presence. With tokens and smartcards, a PIN is entered from software on the computer, where malware can intercept the PIN. It does not require user presence. OnlyKey requires user presence to decrypt every message.
Expandable, Future-Ready Framework
You want a security device that works practically everywhere, with everything, now and in the future. Integration and adaptation are two areas where other security devices fall short and we want to fill the gap.
We want to make it easy to integrate existing solutions with OnlyKey.
We are already considering many popular encryption apps and software that would be great to integrate with OnlyKey. Most of these products have one thing in common: they store your secret (private) key on the device/browser you are using, or in the cloud. If that location is hacked, then malware can steal your key and decrypt your secure messages.
Some possible integrations we're pursuing are:
OpenPGP browser extensions like Mailvelope - Popular extension for adding OpenPGP to Webmail.
Keybase - As shown in the demo, we can already store the private key from Keybase on OnlyKey. However, Keybase has other apps with device keys that do things like encrypt local file storage, encrypted chat, and even encrypted Github repos. It's pretty amazing! If integrated, OnlyKey could store these device keys safely offline.
GPG - We are already working on a GPG agent that would integrate with GPG to support multiple apps.
The future is not certain, but unlike other security solutions where users have to replace their devices when something new comes along, OnlyKey can adapt by allowing users to update its firmware.
THE CRYPTOPOCALYPSE IS COMING!
Current public-key algorithms, like RSA and ECC -- which means pretty much all secure communication online -- can be efficiently broken by a sufficiently large quantum computer. There are already quantum computers out there that we know about and probably more that we don’t. This is not just a theoretical threat. Here is a quote from the NSA:
“For those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum-resistant algorithm transition.” [emphasis added]
Ethereum and Bitcoin functionality (Stretch Goal $120,000+).
WHAT DOES ONLYKEY ALREADY DO?
As a two-factor token OnlyKey is the most universally supported on the market.
If you lose your OnlyKey, your data is safe as it is PIN protected and can't be used without the PIN. If anyone enters the wrong PIN too many times the data will self destruct. Secure backups of your data are easy to make and protected with the strongest encryption available.
OnlyKey has a long list of features on the product page here. It is already available for sale via Amazon or PayPal worldwide.
As a Password Manager, OnlyKey is better than storing passwords in browser or password apps.
NOT LIMITED TO BROWSER
If you can type the password, OnlyKey can type the password for you. Browser, app, computer, it's all the same to OnlyKey. Unlike software password managers, OnlyKey works anywhere a keyboard works, and can be used to enter the password to unlock your computer or pretty much any software or website that has a password.
SECURE OFFLINE STORAGE
What happens if you have really strong passwords all stored in a really secure password manager or app on your phone or computer and it gets hacked? It's simple: the hacker now has access to all of your passwords. The hacker may not even need control of your physical device if they hack a cloud based service like this.
OnlyKey is different because it stores passwords offline. The only way for you to access your passwords is to physically press a button on OnlyKey. Physical touch is something that malware or a hacker cannot do remotely.
The project timeline is as follows:
Choose the case color that fits your style.
A new case color will also be released as part of this Kickstarter - Quantum White (white case with black text).
Additionally, OnlyKey comes with a quick disconnect keychain and a quick reference card.
Risks and challenges
We do have a proven track record of delivering what we promise. In our last Kickstarter, we delivered the expected product AND exceeded expectations by designing custom OnlyKey hardware that is waterproof and durable.
After the Kickstarter, we continued to build new OnlyKey features and accessories like the colorful OnlyKey cases. This time around we do not have the challenge of developing hardware as the OnlyKey Color hardware is already complete. Our biggest challenge is building and testing the features/functionality. This is a big job with two primary goals. #1 Implement security controls to ensure confidentiality, integrity, and availability of user data. #2 Ensure that features/functionality provide the best possible user experience.
To mitigate this risk, we have already built and continue to build security features that prevent common attack vectors. Sometimes this does require a tradeoff of usability. For example, OnlyKey allows you to write passwords/keys to the device but not read them back out. Being able to read the passwords from a device would be great in many instances for usability, but this would be really bad for security. A general rule of thumb is that if you can access some information on your computer then so can a hacker that hacks your computer. It's a simple concept that guides the design of OnlyKey features.
Additionally, to mitigate this risk we are currently open for proposals and looking for vendors with experience conducting security reviews on open source products.
Solve your business password management problems with a convenience your employees will love. A secure password policy is easy when users don’t have to remember any passwords. Make 2FA roll out a breeze.