Using Token2 FIDO2 keys under Linux

Although many modern versions of Linux have native support for FIDO2 USB keys, quite a lot still do not support them out of the box. The reason is that, by default, USB dongles can't be accessed by users, for security reasons. To allow user access, so-called "udev rules" must be installed.

It is quite easy to fix this: manually, create a file like 70-token2-access.rules under your /etc/udev/rules.d directory with the following content

# this udev file should be used with udev 188 and newer
ACTION!="add|change", GOTO="u2f_end"

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="349e", ATTRS{idProduct}=="0010", TAG+="uaccess"


Additionally, run the following command after you create this file (it is not necessary to do this again in the future):

sudo udevadm control --reload-rules && sudo udevadm trigger

Hardware IDs

The IDs shown in the code above are  given as an example only. Follow the instructions below to find the ID values of other security key models.

For use with some applications, such as security software, you may need to know the USB product ID (PID) of the FIDO security key you have. You can use the steps below to find the USB PID of your device.


  1. Open Devices and Printers in the Control Panel.
  2. Right-click on the icon for the FIDO Security key  and choose Properties.
  3. Click on the Hardware tab.
  4. Click on Properties button
  5. Click on Details tab.
  6. Change Property drop down to Hardware IDs.
  7. You will see the PID listed.


  1. Open Terminal.
  2. Run: lsusb | grep -i FIDO
  3. You will see pairs of VendorID:ProductID listed.


  1. Open System Report (Apple Menu > About This Mac > System Report).
  2. Navigate to Hardware > USB.
  3. Select the FIDO key.
  4. See the Product ID below.