Computer Login
With a Nitrokey, you can log in to your computer securely and conveniently. Depending on the operating system and user management system, different methods are used: modern FIDO2 passkeys, smart card logins (PIV), or one-time passwords (OTP).
The advantage: Your login credentials remain securely stored on the Nitrokey and cannot be easily stolen through phishing or password theft.
Microsoft Accounts (Microsoft 365)
Nitrokeys can be used with Microsoft accounts, such as for Microsoft 365, Outlook.com, OneDrive, or Teams.
FIDO2 / Passkeys
The preferred method is logging in with a FIDO2 security key. The Nitrokey serves as a passwordless login method or as an especially strong additional factor.
Entra ID Managed Windows Accounts
For user accounts managed through Microsoft Entra ID, Nitrokey offers modern and convenient login methods.
Passwordless Login (recommended)
The recommended option is passwordless sign-in with FIDO2. Users sign in directly with their Nitrokey without having to enter a password. Microsoft natively supports FIDO2 security keys for Windows sign-ins with Entra ID.
Smart Card/Certificate Login
Alternatively, a Nitrokey 3 can be used as a smart card with certificates. In this case, the user authenticates using a certificate stored on the Nitrokey. This method is frequently used in environments with their own PKI.
Learn more about smart card-based login to Windows.
Local Windows Accounts
Even if Windows user accounts are not managed via Microsoft Entra ID, a Nitrokey can still be used for login. Since Windows does not link local user accounts directly to FIDO2 security keys by default, additional software is required for this purpose. This software operates entirely on-premises and does not require a cloud connection. As a result, this solution is also suitable for environments with strict data protection and compliance requirements.
CodeB
A proven solution is CodeB Login for Windows. CodeB extends the Windows login process to support security keys and smart cards. This allows users to log in with their Nitrokey instead of relying solely on a password.
privacyIDEA
As an alternative, privacyIDEA can be used. This open-source solution supports various authentication methods with Nitrokeys, including FIDO2/Passkeys. privacyIDEA is particularly well-suited for companies that need centralized management of Nitrokeys and want to implement policy-based control for login.
Local Linux Accounts
On Linux, a Nitrokey can be used directly for user login. This typically involves the use of FIDO U2F technology. Once set up, the login process is secured by the connected Nitrokey.
macOS Accounts
On macOS, a Nitrokey can be used as a smart card for user login. Certificates required for authentication are stored on the key.
Which Nitrokey is best suited for my use case?
The available login methods depend on the Nitrokey model you are using.
| Use Case | Nitrokey 3 | Nitrokey Passkey |
|---|---|---|
| Microsoft 365 login via passkey/FIDO2 | ✅ | ✅ |
| Microsoft Entra ID passwordless (FIDO2) | ✅ | ✅ |
| Windows login via CodeB with FIDO2 | ✅ | ✅ |
| Windows login via privacyIDEA with passkeys | ✅ | ✅ |
| Linux login via FIDO | ✅ | ✅ |
| Web applications with passkeys | ✅ | ✅ |
| Smart card/PIV login on Windows | ✅ | ❌ |
| Smart card/PIV login on macOS | ✅ | ❌ |
| Certificate-based login (PKI) | ✅ | ❌ |
| One-Time Passwords (OTP) | ✅ | ❌ |
Nitrokey Passkey
The Nitrokey Passkey is entirely focused on modern passwordless login via FIDO2 and passkeys.
Nitrokey 3
In addition to FIDO2/passkeys, the Nitrokey 3 also supports PIV (smart card) and one-time passwords (TOTP, HOTP). This makes it suitable for environments where smart card- or certificate-based logins are required in addition to modern passkeys.