OFFPAD – FAQ
Here you will find replies to some of the most common questions we get regarding the OFFPAD.
General
What does an OFFPAD do?
The OFFPAD is a hardware security key which replaces your passwords. It is more secure, quicker and convenient than what you do today. Simply activate the card with your fingerprint and it will do the rest to get you logged on to your services and applications.
Why is it called OFFPAD?
OFFPAD stands for OFFline Personal Authentication Device, meaning that the device is mostly offline until it is used to authenticate towards a system/application.
Why does it look like a credit card?
At PONE Biometrics we think that a credit card form factor is the best compromise between convenience (easy to handle and manipulate) and security. Furthermore, this form factor is well known by all generations and is linked to security and easy to use.
Does it come in any other shapes?
PONE Biometrics is already preparing for the future by leveraging the best technologies to strengthen the product security and usability. Having another form factor is however not in our product roadmap as of today.
What is the expected lifetime of an OFFPAD?
With standard usage (based on the respect of the standard precautions) the card is expected to have a lifetime of at least 3 years.
What happens if I break my OFFPAD?
PONE Biometrics wants to make daily user life easier. You will receive a new one according to your contract agreement and assurance policies.
How much does an OFFPAD cost?
PONE Biometrics want it to be easy and affordable to become more secure. We are therefore offering a rental price for each OFFPAD. Users who prefer to buy the OFFPAD can of course also do this. Please contact us for detailed pricing information.
Do we need to set up a big IT project to start using the OFFPAD?
Of course not. Our first idea is to make the authentication accessible to everyone. Thanks to contactless technologies like Bluetooth Low Energy (BLE) and Near Field Communication (NFC) the card can easily connect to any device. The card is FIDO2 compliant and will be seen as a trustable hardware when you’ll access FIDO2 compliant digital platforms such as Gmail, Facebook, Salesforce, SAP, Amazon, Windows Hello etc.
Where is the OFFPAD produced?
The OFFPAD is developed and produced here in Scandinavia. This lets us have complete control of all aspects of the product and therefore limit the possibilities for bad actors in the value chain.
What type of certification does the card support?
The card is certified FIDO2 level1 and CE to comply with EU regulation. Further certifications like FIPS 140-3 and Common Criteria are planned for soon.
Where can I buy an OFFPAD?
Please contact PONE Biometrics and we will put you in contact with our local partner in your area.
Security
What makes the OFFPAD safe?
The card has been designed following a Trusted Execution Environment (TEE) which makes all communication encrypted and secured. Additionally, the card is off most of the time (except during the authentication for a 3s period) which drastically limits the attack surface (potential the hacker has to interact with the card).
What is the False Acceptance Rate (FAR) of your fingerprint sensor?
The FAR for the biometric sensor we are using is 1/20.000
What is the False Rejection Rate (FRR) of your fingerprint sensor?
The FRR is 3%
What happens if someone steals my OFFPAD?
The card cannot be used because only your fingerprint can activate the card.
Why does the OFFPAD have a PIN?
The PIN is used to prove that you are the owner of the OFFPAD when authenticating through NFC.
When using Bluetooth Low Energy (BLE) the fingerprint sensor is active and will be used to prove that you are owner of the OFFPAD.
If the fingerprint match fails 8 times the OFFPAD will fallback to PIN.
If you enter the wrong PIN 3 times you will be asked to restart the OFFPAD.
If you enter the wrong PIN 3 more times you will be asked to restart again.
If you then enter the wrong PIN 2 more times the OFFPAD will be locked and needs to be reset.
How to set the PIN is described here.
How to reset the OFFPAD is described here.
Where are my biometrics stored?
Your fingerprint biometrics are not stored like a picture in our card. An algorithm transforms your fingerprint biometric into a unique number which is stored securely on the card. Your fingerprint is never shared outside the card. During the matching, the algorithm compares the given result of the authentication with the stored number. If there is a match the authentication is approved.
Performance
How long does the battery last?
The battery lasts approximately 3 weeks. This will depend on individual usage.
Usage
How do you reset the OFFPAD?
The OFFPAD can be reset in 2 ways, you can use the OFFPAD Device Manager or you can do it from Windows settings, described here.
How do you set the PIN?
The OFFPAD PIN can be set in 2 ways, you can use the OFFPAD Device Manager or you can do it from Windows settings, described here.
How do you charge the battery?
The battery is charged wirelessly with a Qi charger. Same as for mobile phones, watches and other equipment supporting standard wireless charging.
Why do you have a screen?
The screen can be used for several things. The main usage is to receive visual confirmation from the service you are authenticating towards. The screen can also be personalized with your name, company name or other name of interest.
Can you use the OFFPAD as a physical access card as well?
This is under development and will be available soon.
What services support FIDO2?
FIDO2 (Fast Identity Online) is a common standard which has native support in all major operating systems like MS Windows, Apple OSX, Android and iOS all major web browsers like Firefox, Chrome, Edge, Mozilla, Safari etc. Most Identity Access Management (IAM) systems support FIDO2 out of the box. More information can be found in the FIDO Alliance Passkey Directory.
What browsers and operating systems supports FIDO2?
FIDO2 is not supported on all combinations of operating systems, communication protocols and browsers.
Please take a look at the tables below to see if your use case is supported.
The OFFPAD will support USB in a future release.
Windows
| Operating system | Browser | Bluetooth | NFC | USB |
|---|---|---|---|---|
| Windows 10 and 11 | Login through Windows Hello | ✔️ | ✔️ | ✔️ |
| Windows 10 and 11 | Chrome | ✔️ | ✔️ | ✔️ |
| Windows 10 and 11 | Chromium | ✔️ | ✔️ | ✔️ |
| Windows 10 and 11 | Firefox | ✔️ | ✔️ | ✔️ |
macOS
| Operating system | Browser | Bluetooth | NFC | USB |
|---|---|---|---|---|
| macOS | Login to device | ❌ | ❌ | ❌ |
| macOS | Chrome | ❌ | ❌ | ✔️ |
| macOS | Chromium | ❌ | ❌ | ✔️ |
| macOS | Firefox | ❌ | ❌ | ✔️ |
| macOS | Safari | ❌ | ❌ | ✔️ |
Linux
| Operating system | Browser | Bluetooth | NFC | USB |
|---|---|---|---|---|
| Linux debian | Login | ❌ | ❌ | ✔️ |
| Linux debian | Chrome | ❌ | ❌ | ✔️ |
| Linux debian | Chromium | ❌ | ❌ | ✔️ |
| Linux debian | Firefox | ❌ | ❌ | ✔️ |
| Linux redhat | Login | ❌ | ❌ | ✔️ |
| Linux redhat | Chrome | ❌ | ❌ | ✔️ |
| Linux redhat | Chromium | ❌ | ❌ | ✔️ |
| Linux redhat | Firefox | ❌ | ❌ | ✔️ |
ChromeOS
| Operating system | Browser | Bluetooth | NFC | USB |
|---|---|---|---|---|
| ChromeOS | Login to device | ❌ | ❌ | ❌ |
| ChromeOS | Chrome | ❌ | ❌ | ✔️ |
| ChromeOS | Chromium | ❌ | ❌ | ✔️ |
| ChromeOS | Firefox | ❌ | ❌ | ✔️ |
iOS
| Operating system | Browser | Bluetooth | NFC | USB |
|---|---|---|---|---|
| iOS | Login to device | ❌ | ❌ | ❌ |
| iOS | Chrome | ❌ | ✔️ | ✔️ |
| iOS | Chromium | ❌ | ✔️ | ✔️ |
| iOS | Firefox | ❌ | ✔️ | ✔️ |
| iOS | Safari | ❌ | ✔️ | ✔️ |
Android
| Operating system | Browser | Bluetooth | NFC | USB |
|---|---|---|---|---|
| Android | Login to device | ❌ | ❌ | ❌ |
| Android | Chrome | ❌ | ❌ | ❌ |
| Android | Chromium | ❌ | ❌ | ❌ |
| Android | Firefox | ❌ | ❌ | ❌ |
How do you enroll a fingerprint?
The first time you switch on the card, the display will show messages asking you to present your fingerprint to be registered (5 times for each). Once done, other fingerprints could be registered (if necessary) following the same steps.
How many fingerprints can you enroll?
You can register up to 3 different fingerprints on the card. Thanks to the Device Management App, you can add or delete registered fingerprints if needed.
Why do I need separate hardware when a mobile phone can already do biometric authentication?
A mobile phone is designed to be online 24/7. It is also full of applications and all sorts of helpful and not so helpful tools from developers all over the world. Mobiles have and will be breached in many ways. The OFFPAD is offline until needed and is only used to authenticate you as a user. This makes it much better to withstand attacks.
How can it communicate with the service it authenticates towards?
The OFFPAD has inbuilt support for both NFC and BLE and will use this to communicate with the device you are using to reach your required service/application.
Do you need to install anything on the devices you are connecting to?
No