Overview
With a relatively squat design, the Kensington VeriMark Guard FIDO2 security key looks like a small USB thumbdrive with a bit of a blown-out end. On that end is where you’ll find the biometric fingerprint reader. The quality of the device feels quite high, with a black aluminum body, and just one opaque lock icon on it that lights up with an LED underneath. The VeriMark Guard comes with a small plastic case as well that has a narrow loop for attaching to a keychain.
While it is certainly portable, this key has the feel as more of a leave-in solution. While it protrudes more than it’s Feitian, Yubico or Token2 counterparts for leave-in style security keys, the tradeoff is that this one comes with the fingerprint reader.
Available Features And Management
The VeriMark Guard supports FIDO2 as well as FIDO U2F.
The management software I downloaded, however, was not able to successfully launch it on my Windows 11 device.
FIPS 140 Availability
Kensington does not produce a FIPS 140 variant of this key.
Enrollment And Usage
What seems interesting is when I took the key out of the box and started to first try to enroll it, the key already had a PIN configured on it, of which I had no idea what it was. I started poking and the documentation, and it makes me believe that Kensington wants you to use their associated software to force enrollment of biometrics and change the PIN. The problem, however, is that the software requires running as administrator. Along with that, I was not able to get the latest version to work on Windows 11.
I decided to just factory reset the VeriMark Guard within Windows, and after that I was able to enroll it just fine.
The key worked consistently after enrollment without issue, both using with a PIN and sensor as capacitive touch, as well as after enrolling my fingerprint and using biometrics.
The key was factory reset without issue.