Using Token2 PIN+ FIDO2 Keys with ID-Austria

Only a few countries have adopted FIDO2 for secure access to government services. Switzerland’s AGOV platform was one of the first, and it has already recommended and supported Token2 keys. We are pleased to share that ID-Austria now also supports Token2 FIDO2 keys.

About ID-Austria

ID-Austria is the official electronic identity service of the Republic of Austria. It enables secure login and digital signing for various public services. As part of its authentication system, it supports FIDO2-based login using hardware keys that meet Level 2 (L2) certification.

Token2 Compatibility Status

Our Token2 PIN+ Series keys received FIDO2 L2 certification in January. However, compatibility with ID-Austria was initially delayed due to a backend requirement for manual whitelisting. We are happy to confirm that this step is now complete. Token2 PIN+ Series keys are now officially compatible with the ID-Austria system. While they may not yet appear on the official supported devices list, they work fully with the service.

How to Register a Token2 FIDO2 Key with ID-Austria

ID-Austria uses a unique process for registering a new FIDO2 security key. Please follow these steps:

Step 1: Open the Registration Page

Visit this page. No login is required. Look for the option: “Neuen FIDO-Sicherheitsschlüssel verknüpfen” (Link a new FIDO security key).

Step 2: Begin the Linking Process

Click the option to link a new key. You will be redirected to A-Trust, where the authentication takes place.

Step 3: Authenticate

Use an existing method (Mobile ID, app, or a previously registered FIDO2 key) to verify your identity.

Step 4: Connect Your Token2 Key

After authentication, confirm you want to add a new key. Then plug in your Token2 PIN+ Series key, which meets the required L2 certification.

Step 5: Choose the Right Option in Your Browser

• Chrome/Edge (Chromium-based): You’ll be asked to choose between Passkeys or Security Keys. Select “Use a security key.”
• This will invoke the current browser to start the FIDO2 Security key registration process. The windows given below just as an example (Chrome under Windows) and may look differently with other browsers and/or operating systems.
  
  
  
  Please note that to use our FIDO2 keys, you have to select "External Security Keys" or "Security Key" options when prompted (and please note that this option is not always set as default, so please pay attention to that). Selecting a different option may lead to having your built-in authenticator (TPM on a PC motherboard or Touch ID on a macOS laptop) enrolled instead of the standalone security key.
  Also, note that the system may ask to choose the authenticator option more than once (in case multiple platform authenticators are present). Make sure you always select the "Security Key" option. On the next step, the browser will ask you to allow the website to create a new resident credential (passkey) on your FIDO2 key. Then, it will ask you to enter your security key's PIN code (if you don't have a PIN code set on the key, you will be prompted to create it). Finally, it will ask to press a button (or tap in the case of NFC or swipe a finger in the case of a biometric FIDO2 key) to complete the process.
  
  
  For more info on the difference, see our blog post. Note: Only L2-certified keys are accepted by ID-Austria. Platform authenticators without this certification are not supported.

Step 6: Authorize and Touch the Key

Enter your PIN when prompted, then touch the sensor on your Token2 key to complete the registration.

Step 7: Allow Device Info (If Prompted)

Firefox users may see a message asking to share key details. Click "Allow" or "OK" — this is needed to confirm the L2 status.

Chromium browsers do this automatically.

Step 8: Completion

Once the key’s credentials are securely registered, your Token2 key is linked to your ID-Austria account.

Note: Token2 keys work with ID-Austria even if they are not yet listed in the official supported devices.

---