Shauli Zacks
Updated on: February 4, 2025
Tim Steiner, founder and CEO of OnlyKey, is on a mission to revolutionize how we secure our digital lives. With a background in cybersecurity consulting and ethical hacking, Tim identified a glaring need for a safer way to manage passwords and protect sensitive information. OnlyKey, launched in 2016, has since become a standout solution, combining password management, two-factor authentication, and encryption in a single physical device. In this SafetyDetectives interview, Tim shares the story behind OnlyKey, its unique features, and what’s next for this innovative tool in the fight against cyber threats.
What inspired you to create OnlyKey, and how has it evolved since its inception?
I created OnlyKey back in 2016. The reason we developed it was that my colleagues and I, working in cybersecurity consulting and ethical hacking, noticed a significant problem: securely managing passwords and keeping them safe from malicious hackers.
We set out to create something we could use personally, a solution we could endorse. It turned out to be something many others were interested in as well. The key issue we addressed is the risk of storing passwords in the cloud—where they can be compromised if hacked—or on your computer, which is also vulnerable to breaches.
OnlyKey solves this by providing a physical device that interacts with your computer but doesn’t store passwords on it. This setup makes it much harder for malicious hackers to gain access to your credentials.
OnlyKey integrates multiple features like 2FA, password management, and message encryption. How do these features work together to enhance user security?
In addition to password management, OnlyKey supports multiple methods of two-factor authentication (2FA). For example, it can generate one-time passwords (OTPs)—six-digit codes that change every 30 seconds—and type them out automatically. This replaces the need for OTP apps on your phone.
OnlyKey also supports FIDO2, the latest form of multifactor authentication, and offers passwordless login options also known as passkeys. Additionally, it works with challenge-response 2FA for offline password managers like KeePassXC, providing an extra layer of security.
OnlyKey integrates encryption features by working with GPG, allowing users to encrypt messages, authenticate to GitHub, or log in via SSH securely. Instead of storing passwords or keys on your computer, OnlyKey stores them on the device itself. To log in, the user must physically press a button on the device, ensuring that only someone at the desk can authenticate. This physical confirmation significantly reduces the risk of remote attacks.
In a market with various security keys available, what sets OnlyKey apart as a leading option for users prioritizing privacy and security?
OnlyKey is the only security key that requires an on-device PIN to unlock. Just enter a PIN using the device’s six buttons to unlock it. If someone picks it up, they can’t use it without knowing the PIN.
Additionally, if 10 incorrect PIN attempts are made, the device wipes all stored data. This ensures that even if a hacker gets hold of your OnlyKey, they can’t access your information.
What are some of the most common mistakes people make when it comes to securing their digital lives, and how does OnlyKey help address those?
One of the biggest mistakes is password reuse. People often use the same password across multiple sites because it’s easier to remember. However, if one service gets hacked, that password is compromised. Hackers know this and try the same credentials across other sites, often gaining access to sensitive information.
OnlyKey helps solve this by securely managing unique, complex passwords. It eliminates the need to remember multiple passwords, making it easier for users to stay secure without relying on insecure practices.
Looking ahead, what innovations or enhancements are you planning for OnlyKey to address emerging cybersecurity challenges?
One of the most requested features we’re working on for the OnlyKey Pro is encrypted storage. This feature will allow users to store critical files securely offline, on an encrypted flash drive that requires a PIN to access.
With this innovation, you’ll be able to carry your encrypted files with you, ensuring they remain safe but accessible when needed. We’re also incorporating encrypted backup functionality so users can create a secure copy of their data, ensuring they always have a fallback in case of loss or damage.
