This is the fourth article from the series focused on the FIDO keys from a couple of manufacturers.
Recently I have received a small package with IDmelon Reader for tests.
I was really surprised about the small form factor size of the USB device and very curious about the functionality of this solution
About IDmelon
A small introduction of the vendor according to the official webpage
IDmelon is a Startup Company that was founded in January 2020. But the company’s existing experience and products are the results of more than five years of hard work and expertise in Bluetooth and FIDO Technologies.
IDmelon is the fruit of a technology acquisition of a Startup Company called Vancosys Data Security Inc., whose main focus has been on researching and developing Bluetooth and FIDO2 based authentication products since 2016. The company’s goal is to facilitate the implementation of passwordless authentication solutions to improve the security of websites and applications. And our focus now is on making a unique and creative FIDO2 Security Key product.
IDmelon is a member of the Microsoft Intelligent Security Association.
Keys Overview
In this article I’d like to share with you my thought after 2 weeks of using IDmelon security keys:
| Model | IDmelon Authenticator | IDmelon Reader | IDmelon Key |
| Picture |  |  |  |
| Supported OS | Windows 10 | Windows 10 | Windows 10 |
| Interface | Android / Apple device | USB-A/BLE | USB-A/BLE |
| Features | Free of charge use for individuals | working in 3 modes: Smartphone BLE reader, FIDO2 USB Security Key, Paired Smartphone mode | compatible with Azure AD, Dropbox, Facebook, Twitter, GitHub and more |
| Standard | FIDO2 | FIDO2 | FIDO2 |
LAB details
In order to do the tests for this article, I have created a dedicated user called passwordlesstester in my lab.
In my lab, I have created a dedicated group called Passwordless which is used for FIDO2 Security Key authentication method.
All the tests were made using IDmelon Reader device.
IDmelon Reader
IDmelon Reader could work in 3 modes:
- Smartphone BLE reader mode – led blinks in white
- FIDO2 mode – led blinks in green
- Paired Smartphone mode – led blinks in blue
Switching between the modes is very simple – just press the button for 3 seconds and then wait 15 seconds for a change.
Sounds interesting? Let’s move on.
IDMelon Reader as a FIDO2 device
Configuration process looks almost the same as for other vendors:
- Plug in the device to USB port
- Select proper device mode by pushing the button for 3 secconds and changing LED to green. – this step is revelant for other vendors
- Configure Sign-in method
- Use 🙂
Application Setup
Before using the physical device we have to install the application on our mobile phone.
Depending on the mobile OS version we can use Android and iOS.
After the application installation, we need to run it and then click getting started button.
On the Getting Started screen you have to provide an email address that will be used with the application.
You will be informed that verification mail was sent, let’s check the email for the verification code.
After clicking OK and Next, you will be moved to the next screen where you simply click Activate with a code
So let’s switch to email and open the new message from IDmelon
Copy the six digits code and provide it to the application
Provide your Personal Information and click Create
On the next screen, you will be asked about activating your security key on the phone – of course, Approve.
Now you should see a screen with confirmation that we managed to setup the solution on our mobile phone
Alright now we need to switch to our IDmelon Reader device and change mode to Paired Smartphone mode (LED blinks blue). Just press the button for 3 sec and that is all.
The next step is to log on here and add a new security key
After choosing the key type we will have some useful information and browser acceptance
And finally, information that we can ‘touch’ security key
Here we need to take configure our phone (the one with IDmelon app installed) to be a security key.
Just put it on the IDmelon Reader device and follow the steps.
You can check if the account was added to the app by going into the Registered Accounts tab
So now we are configured and our phone works as a security key
From now every time when we will need to log in to this account we have to put our phone on the IDmelon Reader.
Outro
As you can see there is another player on the authentication field who can help you with the security of your accounts.
IDMelon can work in 2 main modes:
- For individual users – those steps were described in this article
- In shared device mode – this topic will be describe soon during the article update.
Test devices were provided by IDmelon Technologies Inc.
https://www.idmelon.com/
Comments are closed.