Understanding the feature set of the Nitrokey 3 NFC

jduenas · April 17, 2026, 8:53pm

I want to promote the NK3 among friends and colleagues, therefore I want to be sure that I understand some of the main features correctly. Please excuse my sloppy terminology.

it is possible to configure one HMAC “key” only - in my case it works for unlocking KeepassXC - but this one HMAC can be used to unlock additional systems. I.e., the second device would not “know” and would not “care” that I am already using the HMAC for my KeepassXC. Correct? (This implies the upsides and downsides of a key that opens more than one door, of course)
if I use the NK3 to create a passkey as a the second factor on a login system which requires user ID and password * then that passkey is a so-called non-resident key which is not actually stored in the NK3 because it is not needed according to the underlying protocol. According to the linked article, the NK3 can handle a practically unlimited number of non-resident keys for a practically unlimited number of system logins Correct?.

Thanks in advance!

jduenas · April 19, 2026, 4:06pm

Allow me to rephrase my questions in a more straightforward manner:

you can only configure one HMAC “key” but you can use it to authenticate on more than one system
you can use the NK3 as a “passkey container” to authenticate on a practically unlimited number of systems as long as the passkeys are used as the second factor - i.e. instead of TOTP, in addition to user ID and password - for systems which support 2FA..

Is my understanding correct? Thanks in advance!