
This seems to predate FIDO2. https://solokeys.com/ would be a better option if you prefer separate keys for each site (via FIDO2) and open source hardware.



Given that OnlyKey appears to support FIDO2, it seems unlikely that it pre-dates FIDO2.

>"Onlykey supports multiple methods of two-factor authentication including FIDO2 / U2F, Yubikey OTP, TOTP, Challenge-response."


It predates FIDO2; the OnlyKey has been around since 2016, and before FIDO2 it supported FIDO U2F.


Bought 4 Solos in the first Kickstarter drop, can confirm they work very well.


SoloKey doesn't support everything this does. It is primarily a U2F key, and OpenPGP support is still WIP[0]

[0]: https://github.com/solokeys/openpgp


Yeah, I've been happy with my SoloKey, but OnlyKey's integration with a software password manager + OpenPGP + SSH keys is really enticing. I'm in the same boat as a lot of others here, however, that the lack of open hardware is a deal breaker.


Just wondering, what additional security would you expect from open hardware vs. open software with transparently designed hardware? From a threat modeling perspective it seems that if the device is just using one chip onboard there are no clear security advantages of open hardware. Open hardware would only provide a security benefit if you are planning to make your own security key, which most people won't be doing. And by being open hardware there is an additional threat model created where it is now easy for an adversary to create identical clones of a security key that can be used maliciously.


Ultimately, it's just a personal belief that all knowledge should be free as in freedom. SoloKey Hacker Edition in particular lets you run custom firmware, so you can at least be confident in the software side of things, and build upon it.

Open hardware has the benefit of being able to build it yourself, which is the only completely secure option. The downside is, indeed, the ability to easily create malicious clones, and the fact that you simply won't be able to build it yourself for any remotely modern hardware. So yeah, there's really no security benefit to it in terms of hardware.

Proprietary hardware has the upside of needing reverse-engineering to create a malicious clone / part, and the transparent design helps you make sure that they can't do a sloppy job at it.

It's a shame that tradeoffs have to be made once technology reaches a certain level of complexity, but alas.


I've got a few SoloKeys. This project seems like a joke comparatively, as Solo is actually open source hardware[0] and this is not. You can look above to see how OnlyKey might be more trouble on the software side than it's worth and potentially is just a liability.

[0] https://github.com/solokeys/solo-hw


I've got a few SoloKeys too. The USB C one broke in half and looking on Amazon reviews this is an issue for lots of people. Meanwhile my OnlyKey has been running strong 3 years in and has been on my keychain the whole time. Also SoloKey doesn't manage passwords at all, while OnlyKey does.


But it's not open source. Why even bother to call it open source if it's not? Since the Solo is open source hardware if you don't like it, you can change the design and get your own boards cut on OSH Park.


Thanks for the link... just bought two SoloKeys. Been meaning to do that but lost track of them.



