Stop account takeover attacks and protect employees and partners with DIGIPASS CX1®. Eliminate passwords, enable faster logins, sign documents, store digital ID credentials securely, and enhance employee productivity. DIGIPASS CX1 is a FIPS‑certified phishing‑resistant authenticator that works out‑of‑the‑box with hundreds of FIDO2 and OATH enabled services.


User convenient and secure
  • Employees can work from anywhere, any time on any device
  • Passwordless biometric authentication eliminates password fatigue, reduces friction, and enables a positive user experience
  • Phishing-resistant authenticator mitigates human risk in social engineering attacks
Multi-protocol support and FIPS
  • Support for DIGIPASS, FIDO2, and OATH authentication protocol in a single device
  • FIPS 140 Level 3 certified cryptographic module
Cost-efficient solution
  • Eliminates password management
  • Reduce helpdesk costs associated with password resets
Future proof
  • Secure remote updates to support latest authentication standards
  • Easily adapt authentication flows as business context changes
  • Authentication, transaction verification, document signing, and digital ID credential storage in a single device

With DIGIPASS CX1 organizations can enable a ‘work from anywhere, anytime, on any device’ policy without weakening the organization’s security posture. DIGIPASS CX1 offers the ideal multi-factor authentication solution to protect against social engineering, adversary‑in‑the‑middle attacks and replay attacks, preventing account takeover and unauthorized access to company resources. With DIGIPASS CX1, OneSpan offers the highest assurance security and the best user experience, helping organizations to maintain productivity and the burden on IT, while simultaneously protecting their employees against phishing attacks and account takeovers.  

Flexible authentication, document & transaction signing, and credential storage

DIGIPASS CX1 enables organizations to accelerate digital transformation, protect corporate resources, and authenticate users effortlessly. Users can complete any transaction, anywhere, anytime, via any channel, regardless of the device they prefer. The solution also enables organizations to streamline authentication and digital transactions to create an unparalleled user experience with a single DIGIPASS CX device. DIGIPASS CX1 is designed to fulfill different business needs, including authentication, transaction authorization, document signing, and digital ID credential storage. In addition, the solution supports multiple authentication methods – including FIDO2 and OATH - enabling organizations and integrators to secure applications and services using the appropriate protocol for each environment.

Mitigate account takeover, go passwordless

Digital transformation initiatives and the shift to hybrid work has expanded the potential attack surface for cybercriminals. Social engineering attacks are increasing both in volume and sophistication, bringing justified concerns for organizations on how to efficiently protect their workforce from credential theft and account takeover incidents.

Deploying passwordless authentication greatly enhances any organization’s security posture and helps protect users and corporate resources from unauthorized access. DIGIPASS CX1 s a phishing-resistant authenticator that enables passwordless authentication. The device works in connected mode, so one-time passwords are never disclosed, but transferred via a secure channel in an encrypted manner. As there are no passwords to phish, the likelihood of being exposed to phishing schemes that rely on passwords, such as adversary‑in‑the‑middle attacks, adversary-in-the-browser attacks, account takeover attacks, and replay attacks, is greatly reduced.

Create an unrivaled user experience

DIGIPASS CX1 enables passwordless authentication, which frees users from the burden of remembering usernames and passwords. A passwordless approach to authentication also greatly enhances the user experience. Employees and customers can access services simply by scanning their fingerprint. 

Organizations looking to deploy an authentication solution must also take the consistency of the user experience into consideration. DIGIPASS CX devices help organizations enforce the same security level and user experience across all types of devices. 

DIGIPASS CX1 can connect to a user’s device using USB, Bluetooth, or NFC, and can therefore work seamlessly with any device, including mobile, desktop, laptop, or tablet.  This ensures a large  
user adoption. 

digipass cx1

Enhanced security and simplified lifecycle management

The solution comes with an integrated cloud management experience, that is securely connected to the DIGIPASS CX devices without relying on the security of the underlying transport layers. This ensures message authenticity, confidentiality, and replay resistance. 

Organizations can manage the entire end-to-end lifecycle of the devices. This enables organizations to gain efficiencies through process automation when creating, configuring, updating, and disabling users and their privileges.  

A flexible and futureproof solution

OneSpan has revolutionized hardware authentication with the remote update functionality of DIGIPASS CX Devices. Due to the smart connection between the device and console, secure remote updates can be installed on DIGIPASS CX devices even after they have been deployed and distributed. This gives organizations the flexibility to activate new features, customize user journeys, and adapt to changing situations and new risks by modifying configuration or security parameters as business needs evolve. 



35mm (49.5 w/cable) (L) x 35(W) x 10.8mm(H)



Fingerprint Sensor



Bluetooth 5.2 LE (Low Energy)


ISO 14443 / card-emulation mode / extended APDU support


Rechargeable - 65 mAh


Integrated USB-C cable

Power Supply in Connected Mode

Via USB-C, 4.75 to 5.50 volts

Dust & Water Resistance

Dust-safe and splashproof


Short-term Storage Temperature

  • -10° C to 50° C;
  • 90% RH non-condensing
  • IEC60068-2-78 (damp heat)
  • IEC60068-2-1 (cold)

Operating Temperature

  • 0° C to 45° C;
  • 85% RH non-condensing
  • IEC60068-2-78 (damp heat)
  • IEC60068-2-1 (cold)


  • 10 to 75 Hz;
  • 10 m/s²
  • IEC60068-2-6


  • 1 meter
  • IEC60068-2-31



  • EN55022


  • 4 kV contact discharges
  • 8 kV air discharges
  • 3 V/m from 80 to 1000 MHz
  • EN55024

Compliant with European Directives

  • CE: 89/336/EEC or 2004/108/EC
  • RoHS: 2002/95/EC
  • WEEE: 2002/96/EC

Compliant with Federal Communications Commission

  • FCC ID: 2AH88-1200
  • IC: 27700-1200