Vegas event batchHacker Summer Camp drop — reserve by July 24 for Vegas pickup Aug 5–6 or US ship +$25Build my stack →

securitygadgets.shop / Nitrokey US / Security keys & HSMs / Nitrokey Passkey

Nitrokey Passkey

Nitrokey · Security key

Nitrokey Passkey

FIDO2/WebAuthn and U2F hardware key for phishing-resistant passwordless login and 2FA. Rust-based open-source firmware on an nRF52 secure element, made in Germany, priced for fleet-wide rollout.

$40

EU equivalent: €32 incl. VAT · nitrokey.com

Reserve in the one-time Vegas batch — order by July 24, 2026 · 6 PM EDT

Vegas event batch — order by July 24 for Aug 5–6 Wynn pickup or US ship (+$25)

Shipping to
Build a stack
2-day US shipping Net-30 with W-9 US English support US-side RMA

Why the Nitrokey Passkey

What this security key does that alternatives don't.

Phishing-resistant by design

FIDO2/WebAuthn cryptographically binds credentials to the origin, defeating credential phishing, replay, and man-in-the-middle attacks that bypass OTP-based MFA.

Auditable Rust firmware

Open-source firmware built on the memory-safe Trussed framework with signed updates lets you verify the authentication stack with no opaque blobs in the trust path.

Hardware-rooted secure element

nRF52 with Secure Boot, ARM TrustZone, and Physical Unclonable Functions anchors keys in tamper-resistant hardware that cannot be exfiltrated.

Specifications

Full technical details.

Standards
WebAuthn, CTAP2/FIDO2, CTAP1/FIDO U2F 1.2
Microcontroller
nRF52 with Secure Boot, ARM TrustZone, PUF
Connector
USB 2.1, Type A
NFC
Not supported
Credential storage
Unlimited accounts (FIDO U2F, FIDO2)
Firmware
Open source, written in Rust (Trussed); signed updates
Dimensions / weight
17 x 14 x 6 mm, 1.5 g
Compliance
FCC, CE, RoHS, WEEE, OSHwA
Origin
Quality made in Germany
Indicators
Touch button, four-color LED

Compliance framework mapping

Controls this product satisfies across 7 frameworks.

Full controls library

Multi-factor authentication — hardware-bound

Phishing-resistant MFA using hardware security keys. Software TOTP and SMS are explicitly excluded from "phishing-resistant" in NIST 800-63B and most modern framework guidance.

Cryptographic key management

Hardware-bound key generation and storage. Private keys generated and stored inside a certified secure element (EAL 6+) and are non-exportable by design — for login credentials (Nitrokey) and crypto-asset custody (Ledger) alike.

Supply chain risk — hardware and firmware

Open-source firmware is publicly auditable and reproducibly built. EU jurisdiction hardware is not subject to US National Security Letters. Directly addresses hardware supply chain risk in CMMC and NIS2.

Compared to

Honest comparisons against the most likely alternatives.

vs. Nitrokey 3

Passkey is FIDO2/U2F-only; the Nitrokey 3 adds OpenPGP/PIV smartcard, OTP, and (some models) NFC for broader use cases at a higher price.

vs. OTP authenticator apps

Unlike TOTP apps, the Passkey provides origin-bound, hardware-isolated keys that cannot be phished, screenshotted, or exfiltrated from a compromised phone.

Shipping & returns

What to expect after you order.

Shipping

Ships from our Tennessee 3PL. 2-day FedEx to most US addresses, expedited options at checkout. Signature required. Business day processing — orders placed before 2pm ET ship same day.

Returns & RMA

30-day return window for unopened units. Defective units handled under Nitrokey's 2-year warranty — we manage the US-side RMA so you don't ship to Berlin.

Purchase orders

Net-30 terms available for approved organizations. W-9 on file. Generate a quote from the stack builder or email sales@securitygadgets.shop with your PO requirements.

Authorized reseller

We are an official Nitrokey authorized reseller. Full manufacturer warranty applies. Identical hardware and firmware to buying direct from nitrokey.com — with US inventory and support.