Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.


Winkeo-C FIDO2, hands on: A reliable and affordable USB-C security key

Add FIDO2 to devices that don't have built-in security hardware. There's a little extra setup work, but the price is competitive.
Written by Mary Branscombe, Contributor

Winkeo-C FIDO2

pros and cons

  • Good price
  • FIDO2 and FIDO U2F support
  • Some setup required
  • No NFC or biometric options

Many devices now use biometrics to let you log in without the inconvenience of remembering and typing a password: it's more secure, but it usually adds a little to the price of the device. If you use any devices that don't have Windows Hello, Face ID or a fingerprint sensor then you must have a password on your account anyway.  

If you want to use two-factor authentication (2FA) or even go full passwordless but you still have older devices with no biometric hardware (or you prefer not to use biometrics), a FIDO2 hardware key will let you use the same cross-platform authentication that's built into Windows, MacOS, iOS, Android, ChromeOS, Linux (although you may need to do a little more setup) and an increasing number of online services like Microsoft 365, Azure AD, Google Drive and more. 

Winkeo-C FIDO2 in laptop

The Winkeo-C FIDO2 key is small enough to leave in your laptop.

Image: Mary Branscombe / ZDNET

The Winkeo-C FIDO2 from Neowave is a compact little security key that also supports the older FIDO U2F specification that works with AWS, Dropbox, Facebook, GitHub, Gmail, GOV.UK, Okta, Salesforce, Twitter, Zoho and dozens of other sites and services. It's small enough to keep in the USB port of your laptop most of the time, although it doesn't sit flush enough that you'd necessarily want to leave it in place when you're carrying it in a bag (the lanyard hole makes it easy to put on a keyring to carry around though). We also found it fitted very snugly into the USB-C ports on multiple test devices, so you have to tug quite hard to extract it.

Winkeo-C FISO2 setup

Sites and services that use FIDO2 let you create a PIN and use a hardware key like the Winkeo-C to log in securely.

Screenshots: Mary Branscombe / ZDNET

You don't have to install any software – not even a driver: just set up your accounts for 2FA (you have to do that for each site or service you want to use it with) and add the Winkeo-C as your security key. For many services, that will involve setting a PIN. Whereas a password is sent to the server (and if the service provider doesn't protect their data properly a data breach could expose it to attackers), PINs never leave your device and are not synced across devices the way passwords are, so you must set them up on each system. PINs are just used to unlock the secure hardware that stores your log-on credentials, which means they can't be exposed in the same way passwords can. Even if someone tricks you into telling them your PIN, they can't use it without your security key. 

Once set up, the key uses both the PIN and a tiny touch surface on the end to log into FIDO2-enabled systems and services that support passwordless: when you're using it as 2FA with a service like Gmail, you still need to fill in your password, but you must also have the security key plugged in and touch it to prove you're there. This isn't a fingerprint sensor, just a capacitive sensor that detects a live person touching it. 

Usually, the interface will tell you when to touch your device: if you miss that, the Winkeo-C flashes a bright red light to attract your attention (it also lights up green when you first plug it in to show it's been detected by your device). Because it's a USB-C device you can put it either way up: the light and touch surface are more visible when it's the right way up, but because the case is slightly translucent and the touch sensor is on the end, you can still use it (and notice the light) either way round. 

Winkeo-C vs Winkeo-A

The USB-A version of the Winkeo FIDO2 is quite a bit bigger.

Image: Mary Branscombe / ZDNET

If you don't have a USB-C port, Neowave has a USB-A model (the Winkeo-A FIDO2), which is quite a lot larger but otherwise works in the same way. 

There are plenty of FIDO2 hardware keys on the market, with Yubico being perhaps the best known, which have options like NFC or biometrics and are mostly priced around £40-50. The Neowave keys are rather cheaper – £21.99/€29.99 for the Winkeo-A and £32.50/€29.99 for the Winkeo-C – if more basic.  

As a lesser-known supplier, you may have a few more hoops to jump through to use these Neowave devices: they're not listed on the common instructions for setting up a UDEV rule to FIDO2 and you may need to turn off the key restriction policies in Azure AD that limit hardware manufacturers you can use before enabling security keys for your tenant.  

That doesn't mean there are any security concerns (Neowave is a Microsoft partner and its security keys are certified by ANSSI, the French national cybersecurity agency), but it does mean a little extra setup work to make logging in both simpler and more secure. 

Winkeo-C FIDO2 specifications

Smart card componentCertified Common Criteria EAL5+ • up to 1024 credentials for FIDO2 and FIDO U2F
FIDO2 features
Supported crypto-algorithmECC P-256
Supported optionsuser PIN (4-63 bytes, try limit = 8) • resident keys (max number ~256 credentials)
ExtensionHMAC secret
FIDO U2F features

No security failure in case of key or password theft (Authentication requires both)

Second factor authentication fully compliant with Google services through Chrome, Edge and Firefox browsers

Extended compatibility (Salesforce, Office 365, etc.) through federation identity providers (Web SSO)
Supported operating systemsWindows, Mac, Linux and Android
Supported browsersChrome, Chromium, Vivaldi, Opera, Mozilla Firefox, Microsoft Edge (via WebAuthn/FIDO2 CTAP)
Dimensions23.5mm (26.1mm with cap) x 14.4mm x 6.5mm
Price£32.50 / €29.99

Alternatives to consider


This is the ultimate security key. Here's why you need one 

The best YubiKeys: What's the difference between each key? 

How to set up two-factor authentication for your Facebook account 

Connecting to public Wi-Fi: Here's how to protect your data and your device 

The best security keys: Protect your online accounts

Read more reviews

Editorial standards