Solo 2 Guide

Quick Navigation

• Getting Started
• Compatibility
• Security & Privacy
• Managing Your Key
• Troubleshooting
• Solo 2 Hacker

Getting Started

What is Solo 2?

Solo 2 is an open source FIDO2 (Fast Identity Online 2) security key built with Trussed®. It protects your online accounts against phishing, account takeover, and unauthorized access by providing the strongest available login method.

How do I set up my Solo 2?

No software installation is required for basic use. Simply plug your Solo 2 into a USB port, navigate to a supported service like Google, Microsoft, or Facebook, and follow their security key enrollment process. When prompted, touch the capacitive touch sensor on your Solo 2 to confirm.

How does the touch sensor on Solo 2 work?

Solo 2 uses a capacitive touch sensor with three contact points. When a service asks you to confirm by touching your security key simply make contact with any of the three points on the device. It works similarly to a touchscreen — no physical pressing required.

How do I install the sleeve on my Solo 2?

Solo 2 comes with a colorful protective sleeve. Align the sleeve opening with the USB connector end of the key, stretch gently as needed, and slide it over the PCB (Printed Circuit Board) until it is fully encased.

Do I need to create a PIN?

A PIN (Personal Identification Number) adds an extra layer of security. Some services and browsers require a PIN to be set before use. We recommend setting a PIN when you first set up your key. You can set your PIN through your browser's security key settings or using the solo2-cli tool.

Why should I register a backup key?

We strongly recommend registering a second Solo 2 as a backup. If your primary key is lost or damaged a backup key ensures you can still access your accounts. Register your backup key on every service at the same time you register your primary key. Store your backup key in a safe place separate from your primary key.

What happens if I lose my Solo 2?

If you lose your Solo 2 and have a backup key registered you can use the backup to access your accounts and remove the lost key from each service. If you do not have a backup key you will need to use your account recovery options such as backup codes or account recovery email for each service individually.

Compatibility

Which services work with Solo 2?

Solo 2 works with any service that supports FIDO2 or WebAuthn (Web Authentication) standards including Google, Microsoft, Facebook, Salesforce, GitHub, Dropbox, Twitter/X, and hundreds of others. If a service supports security keys it will work with Solo 2.

Which browsers are supported?

Solo 2 works with:

• Google Chrome
• Microsoft Edge
• Safari
• Brave
• Firefox

Note: Some browser and service combinations may require a PIN to be set on your key. If you experience issues with a specific browser ensure your PIN is configured first. Some browsers such as Chrome include a built-in security key management tool that allows you to reset your key or manage settings directly from the browser.

Which operating systems are supported?

Solo 2 works with:

• Windows
• macOS
• Linux
• Android
• ChromeOS
• xBSD

No drivers are required on any platform. Solo 2 is particularly popular with the Linux and xBSD communities including supporters from the Linux Professional Institute.

Does Solo 2 support NFC?

Solo 2+ supports NFC (Near Field Communication) for tap-to-authenticate on compatible Android and iOS devices. The standard Solo 2 is USB only and does not include NFC. Check your product to confirm which model you have.

Can I use Solo 2 with a USB-A to USB-C adapter?

Yes. Solo 2 is available in both USB-A and USB-C form factors. If you need to use an adapter ensure it supports full data transfer. Charge-only adapters will not work as they do not pass data through.

Can I use Solo 2 with my Android device?

Yes. Solo 2 works with Android via USB OTG (On-The-Go) or NFC (Solo 2+ only). Your Android device must support USB OTG for wired use. Most modern Android devices support this.

Security & Privacy

Is Solo 2 open source?

Yes. Solo 2 is fully open source. All software is dual licensed under Apache 2.0 and MIT. All hardware is licensed under CERN-OHL-S. All documentation is licensed under CC-BY-SA 4.0. You can review, audit, and verify everything about your Solo 2. We believe security should be transparent and hide no secrets.

What is Trussed®?

Trussed® is a modern framework for writing firmware for security devices. It provides a secure foundation for cryptographic operations. Solo 2 is built on Trussed® to ensure trustworthy and auditable security at the firmware level. The Trussed® framework is co-maintained with Nitrokey who have contributed extensions and improvements. Learn more at the Trussed® developer page.

Does Solo 2 back up my data to the cloud?

No. Solo 2 never backs up data to any cloud service. Your credentials and passkeys are stored only on the physical device. This is a deliberate security feature — your authentication data stays in your hands.

How is Solo 2 different from Google Password Manager or Windows Hello?

Platform authenticators like Google Password Manager and Windows Hello are convenient but store your credentials in the cloud or tied to a specific device. Solo 2 keeps your credentials on a physical key you control. Key advantages include:

• No cloud backup means no cloud breach risk
• Works across all your devices and platforms
• Not tied to any single platform or ecosystem
• Open source and independently auditable
• Physical presence required to authenticate

How is Solo 2 different from YubiKey or Nitrokey?

All three are strong security keys. Solo 2 stands out because:

• Fully open source hardware and firmware — YubiKey is closed source
• Built with Trussed® — a modern secure firmware framework
• Firmware updates are supported — when you purchase a Solo 2 you never have to worry about your device becoming obsolete. We deliver firmware updates that keep your key current with the latest security standards. YubiKey does not support firmware updates meaning the device you purchase is fixed at that firmware version forever
• Community driven development
• Competitive pricing

Can Solo 2 be cloned or copied?

No. The private keys stored on Solo 2 cannot be exported or copied. Physical possession of the key is required to authenticate.

What is attestation and does Solo 2 have it?

Attestation is a cryptographic certificate that verifies the firmware on your security key is genuine and has not been tampered with. All standard Solo 2 secure devices ship with locked firmware and include SoloKeys attestation certificates, giving you and the services you use confidence that your key is legitimate.

Note: Solo 2 Hacker does not include attestation. See the Solo 2 Hacker section for more details.

Managing Your Key

How many passkeys can Solo 2 store?

Solo 2 can store approximately 100 passkeys. Once the limit is reached you will need to remove unused passkeys before adding new ones.

How do I manage my Solo 2?

You have two options for managing your Solo 2:

solo2-cli (Command Line Interface)

The solo2-cli tool is available for technical users and developers. It allows you to manage passkeys, update firmware, set PINs, and configure PIV (Personal Identity Verification) and OpenPGP settings. Getting started with solo2-cli requires some initial setup. Full documentation and setup instructions are available on our GitHub repository.

Solo 2 GUI (Graphical User Interface) — Coming Soon

We are developing a Solo 2 GUI that will make key management accessible to all users without requiring command line experience. The GUI will provide a friendly graphical interface for:

• Firmware updates
• Passkey management
• PIV and OpenPGP settings
• PIN management
• Device settings

The GUI is currently in active development and ready for UAT (User Acceptance Testing). If you are interested in trying it out and providing feedback contact us.

How do I update my Solo 2 firmware?

Firmware updates can be managed through the solo2-cli tool. The upcoming Solo 2 GUI will make firmware updates even simpler with a straightforward graphical interface. Contact us if you need assistance with a firmware update.

How do I reset my Solo 2?

A factory reset will erase all stored passkeys and credentials. This cannot be undone. You can reset your key through:

• Your browser's built-in security key management tool (Chrome and some other browsers include this feature)
• The solo2-cli tool

Make sure you have backup access to all accounts before resetting.

How do I set or change my PIN?

You can set or change your PIN through:

• Your browser's built-in security key settings
• The solo2-cli tool
• The Solo 2 GUI (coming soon)

We recommend setting a PIN of at least 6 characters.

Troubleshooting

My Solo 2 is not being recognized by my computer.

Try the following:

• Try a different USB port
• Try a different USB cable if using an extension
• If using a USB-A to USB-C adapter ensure it supports data transfer not just charging
• Try on a different computer to isolate the issue
• Check if the LED lights up when plugged in

A website says my security key is not supported.

Ensure the website supports FIDO2 or WebAuthn. Some older sites only support the older U2F (Universal 2nd Factor) standard. Solo 2 supports both FIDO2 and U2F so compatibility is broad. If a specific site is not working contact us and we will investigate.

I forgot my PIN.

If you forget your PIN you will need to reset your Solo 2. This will erase all stored passkeys. Before resetting ensure you have alternative access methods for all your accounts such as backup codes.

The touch sensor on my Solo 2 is not responding.

Try unplugging and replugging the key. Ensure you are making firm contact with one of the three contact points on the capacitive touch sensor. If the issue persists contact us for assistance.

I need support with my purchased device.

For support with purchased devices reach out to us at [email protected] or use the contact form.

Solo 2 Hacker

What is Solo 2 Hacker?

Solo 2 Hacker is a development version of Solo 2 designed for developers, security researchers, and makers. It allows custom firmware to be loaded onto the device giving you full control over its behavior.

Who is Solo 2 Hacker for?

Solo 2 Hacker is for developers and makers who want to:

• Build custom FIDO2 applications
• Experiment with Trussed® firmware
• Contribute to Solo 2 development
• Research security key implementations

If you are looking for a standard security key for everyday use the regular Solo 2 is the right choice.

Can I use Solo 2 Hacker as a regular security key?

Yes. Solo 2 Hacker ships with standard Solo 2 firmware and works as a regular security key out of the box. Its key difference is that it allows custom firmware to be flashed.

What is the difference between Solo 2 Hacker and standard Solo 2 regarding attestation?

This is an important distinction. Standard Solo 2 devices ship with locked firmware and include SoloKeys attestation certificates. This means services can cryptographically verify that your key is a genuine SoloKeys device running verified firmware.

Solo 2 Hacker does not include attestation. While it functions as a security key for authentication purposes services cannot verify the firmware is our official verified build. This is by design — it gives developers the freedom to load and test custom firmware. If attestation is important for your use case use a standard Solo 2.

Where do I start as a developer?

The best starting point for Solo 2 Hacker development is our dedicated getting started guide. Note this guide is intended for Hacker devices only and is not applicable to standard Solo 2:

Solo 2 Hacker — Getting Started Guide for Developers

This covers everything you need including:

• Prerequisites and initial machine setup
• Building firmware for both the NXP LPC55 devkit and Solo 2 Hacker
• Flashing and running firmware on the device
• Application setup including attestation key provisioning
• Debugging setup with GDB and VS Code

What hardware do I need for development?

We recommend using an NXP LPC55 devkit for development rather than a physical Solo 2 Hacker. Recovering a bricked devkit is much easier than recovering a bricked key. For debugging with a physical Solo 2 Hacker you will need a TC2030-CTX cable and a compatible J-Link debugger such as the Segger JLink EDU mini.

Where is the source code?

The Solo 2 monorepo and hardware designs are on GitHub:

• Firmware: github.com/solokeys/solo2
• Hardware: github.com/solokeys/solo2-hw

Key components maintained in the Trussed GitHub Organization:

• Framework: trussed-dev/trussed
• FIDO Authenticator: trussed-dev/fido-authenticator
• PIV Authenticator: trussed-dev/piv-authenticator

How do I connect with the developer community?

The Solo 2 developer community is active and welcoming:

• Synchronous tech talk: Matrix #solokeys-dev

Other relevant community channels:

• Trussed® framework: Matrix #trussed
• Rust Embedded: Matrix #rust-embedded
• LPC55 chips: Matrix #lpc55

I need help getting started with Solo 2 Hacker.

Our team is available to help. Reach out and we will get you started at [email protected] or use the contact form.

Still Have Questions?

Can't find what you're looking for? Our team is here to help.

Contact Us