Reviewed: BioPass FIDO2 Security Key

Thoughts on a security key by FEITIAN that sports a fingerprint reader

Raghul Chandrasekar
Feb 23 · 7 min read

BioPass FIDO2 is a security key from FEITIAN Technologies. If you are wondering what the hell a ‘security key’ is, you can read this article where I cover the basics of FIDO2 — the protocol that security keys run on.

In a nutshell, security keys leverage the power of Public Key Cryptography in order to secure your online accounts far better than passwords and authenticator apps (ex: Google authenticator) ever can. They provide protection against phishing, man-in-the-middle attacks and hijacking.

BioPass comes in two variants: USB-A and USB-C. In this article, I will be sharing my thoughts on the USB-A version. However, the only difference between the two is the type of USB port (and the design of the casing). Functionality wise, they are identical.

Top to bottom: BioPass K27 (USB Type A), BioPass K26 (USB Type C)

Let us get some basics out of the way.

These keys are:

  • FIDO2 Certified: the key supports CTAP2 and U2F(CTAP1) protocols

The key does not support:

  • NFC

Let us jump into the deets, shall we?

Setting Up & Managing your BioPass FIDO2

The first thing you need to do is setup a PIN/fingerprint. If you don’t, anyone who gets hold of your security key can impersonate you because all they have to do is plug in the key and tap it (assuming they have your username and password, of course).

You can do this by going into your Windows Settings -> Accounts -> Sign-in options -> Security Key -> Manage. Before you click on ‘Manage’, ensure that your BioPass is plugged in.

Native key management interface on Windows 10

The key management console provides you with the following options:

Key Management

Notice that the option to setup a fingerprint is disabled. This is because Windows requires you to set up a PIN before registering your fingerprint.

This is similar to what you see in your smartphone. You are required to setup a PIN/passcode and the fingerprint/TouchID/FaceID acts as a proxy for your PIN.

Go ahead and setup a PIN.

Setting up a new PIN

Once you are done with that, you have the option to register your fingerprint. Registration is quick and easy — takes 5 taps.

If you want to register multiple fingerprints, you can do so; BioPass lets you add up to 50 fingerprints.

Registering your fingerprint

Removing fingerprints is also easy. However, the native interface of Windows 10 does not give you granular control — you cannot choose a specific fingerprint to be removed. Hitting ‘Remove’ removes all of the stored fingerprints.

Fingerprint management on Windows 10

The native interface also does not let you rename any of the fingerprints you register. Neither can you see how many fingerprints you have registered so far. This can be frustrating.

However, FEITIAN has a software application that remediates some of the above issues.

BioPass FIDO2 Manager

It is a simple, straightforward application by FEITIAN that lets you manage you key better.

The app not only provides a better fingerprint management experience than the Windows 10 interface, it also provides a key management interface for OSes that do not have a native interface. If you are working with a Linux, MacOS, Windows 7 or Windows 10 1809 and below, you are going to need this app. (Download links for each OS here.)

With the app, you can:

  • view how many fingerprints have been registered
BioPass FIDO2 Manager Interface

It does not, however, let you rename your fingerprints. It automatically assigns a name in a numerically increasing fashion.

In the Windows 10 interface, you had to setup a PIN before registering your fingerprint. The BioPass manager lets you bypass this step. When you setup the device for the first time using the app, it provides you with two options (see picture below): PIN and Fingerprint, Fingerprint Only.

When you click on ‘Add Fingerprint’, you get two options

If you choose ‘Fingerprint Only’, then your fingerprint is no longer a proxy for your PIN, your fingerprint is the PIN that unlocks the private key stored in the security key.

Passwordless MFA

Once you have setup your BioPass, you can use it to authenticate into your online account without having to enter a PIN. You get a prompt to ‘Touch your security key’ instead of ‘Enter PIN’.

Prompt for verifying user presence

How does Passwordless MFA feel like? This is how:

Courtesy: Imgflip

Some important numbers:

  • The official fingerprint Recognition Time is less than 0.6 seconds. I cannot verify this as it is too quick for measurement. However, there was near-zero lag during my use so I would say the number is pretty accurate.


How secure is your fingerprint?

BioPass has an embedded security chip that encrypts your fingerprint data.

FEITIAN states that it is impossible for someone to reverse engineer your fingerprint image from this stored data. Neither will your biometrics leave the security key. Your biometric data is only processed locally.

(However, this is standard for any device that manages biometric data.)


I have saved this for the last because this is the least significant factor when it comes to security keys. It is important, nonetheless.

LED Indicator

The key has an LED indicator that comes in really handy during use. The below pic shows how the LED indicator works.

LED Indicator on BioPass K27


Dimensions: 51 × 18 × 6.5 mm (K27), 0.9 × 18.5 × 7 mm (K26)

It is definitely small enough to fit in your pocket. However, it is not small enough to fit in your wallet (for example, Yubikey 5 fits in your wallet comfortably).


It feels premium and sturdy thanks to its all-metal casing. The enclosure has a brushed metal finish which gives it a semi-matte look and I really dig it.

On the flip side, the casing makes the key hefty — it weighs around 11g. In comparison, the Yubikey 5 NFC weighs only 4g.


The fingerprint reader has been tested to last a minimum of 200,000 fingerprint reads. It will last for a minimum of 15 years assuming you use the reader 40 times each day. You mostly won’t be using it that much.

Purchase Decision

Where can you use the BioPass FIDO2?

You can use it as a replacement for password (password-less) with your Microsoft personal account.

You can use it as a strong 2nd factor in a bunch of websites to protect your online accounts. Few websites which let you add a security key are (non-exhaustive list): Google, Dropbox, GitHub, Twitter and Facebook.

You can also use it to secure your password manager. For example, LastPass (premium), DashLane and 1Password let you add a security key.

Security key support is limited as of today but the number of apps/websites that let you use a security key is only going to increase in the coming years. So, by purchasing a security key, you can be future-proof.

I found this webpage on Yubico’s website that lists many websites/apps that support security keys.

Should you buy the BioPass FIDO2?

A fingerprint reader that enables Passwordless MFA, simple but useful LED indicators, lightweight accompanying software for key management and premium build quality —FEITIAN has checked a lot of boxes with little room for improvement.

The downsides are that the lack of OATH HOTP support and lack of out-of-the-box PIV support. You also cannot use it with mobile devices due to lack of NFC.

Nontheless, BioPass FIDO2 does what it sets out to do really well which is to provide a Passwordless MFA experience with FIDO2. If you do not need OATH-HOTP, PIV or NFC, BioPass FIDO2 is definitely worth the price.

If you are interested in purchasing the BioPass FIDO2, you can purchase the key here with free worldwide shipping. Don’t forget to use the code ‘Raghul-20’ to get 20% off on your purchase!

Nerd For Tech

From Confusion to Clarification

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store