Enrolling FIDO2 Security Keys
for AGOV: A Guide to Secure
and Convenient Authentication
with Token2 Security Keys
Read This article also:
Detailed Instruction
AGOV is the public service login for Switzerland, used not only in federal settings but also when dealing with cantonal and communal authorities, such as completing tax returns. We recommend using FIDO2 security keys with this service because they are phishing-resistant, meaning they provide a higher level of protection against phishing attacks compared to traditional methods. This makes them an ideal choice for securing user accounts and sensitive information.

AGOV Lists Token2 Security as a Successfully Tested FIDO Security Key
AGOV maintains its list of successfully tested FIDO security keys, and Token2 has been included in the list. Token2 is recognized as a provider of FIDO security keys that meet the standards and requirements for secure authentication with AGOV. For more information and the full list of successfully tested FIDO security keys, please visit the AGOV security page
How FIDO2 Keys Enhance Security
FIDO2 security keys use public-key cryptography to provide a secure and private authentication method. When a user logs in using a FIDO2 security key, a cryptographic challenge-response mechanism is used to verify the user's identity without transmitting any sensitive information over the network. This makes FIDO2 keys highly resistant to various forms of attacks, including phishing, man-in-the-middle, and replay attacks.
Prerequisites
Before enrolling a FIDO2 security key with AGOV, users need to ensure they have a compatible security key and an AGOV account. Any of Token2 FIDO2 keys can be used with AGOV accounts; we have successfully tested every model we have available.

The key must have a PIN code set before starting the registration process. A key without a PIN will fail to meet AGOV's security standards.
Use the Windows 10/11 built-in tool to set up and manage your FIDO2 key:
- Insert the FIDO2 key into your computer.
- Open Settings > Accounts > Sign-in options > Security Key.
- Click Manage and follow the prompts to set or change your PIN.
Safari does not support managing FIDO2 keys.
Install and use Google Chrome instead:
- Open Chrome and type chrome://settings/securityKeys in the address bar.
- Insert the FIDO2 key into your computer.
- Follow the prompts to set or change your PIN.