Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIDO U2F Security Keys not being enabled #511

Closed
surao101 opened this issue Feb 3, 2023 · 10 comments · May be fixed by #571
Closed

FIDO U2F Security Keys not being enabled #511

surao101 opened this issue Feb 3, 2023 · 10 comments · May be fixed by #571
Labels
FIDO U2F

Comments

@surao101
Copy link

surao101 commented Feb 3, 2023
edited
Loading

WP Version - Version 6.1.1.
Plugin Version - 0.7.3
PHP Version - 8.0
Browser - Brave version - Version 1.47.186 Chromium: 109.0.5414.119 (Official Build) (x86_64)
STEPS

  1. Enabled and setup "Time Based One-Time Password (TOTP)"
    Tested to see if it works : It Works.

  2. Checked the Enabled Checkbox for FIDO U2F Security Keys and updated profile
    It reloaded with " FIDO U2F Security Keys" unchecked.

  3. Disabled "Time Based One-Time Password (TOTP)" and updated profile.

  4. Checked the Enabled Checkbox for FIDO U2F Security Keys and updated profile
    It reloaded with " FIDO U2F Security Keys" unchecked.

Unable to enable " FIDO U2F Security Keys"

When I tried this on another cloned install of the above, I first tried FIDO that didn't work, then I tried TOTP, that didn't get enabled either, nothing was getting enabled.

I tried it on Mozilla Firefox (109.0 (64-bit)) and I was able to get it to work, I was using the Brave Browser when I was facing the above issues, it doesn't work on the Brave Browser.
Also when I try logging in on the Brave browser and use FIDO it doesn't work, it works on Mozilla Firefox (109.0 (64-bit))
@xiaomodao
Copy link

hello,
same issue here.

Yubikey work on Firefox for me, but not work on Edge browser.
edge browser dont open the yubikey screen.
edge version: 109.0.1518.78

@iandunn
Copy link
Member

iandunn commented Feb 4, 2023

U2F no longer works in Chrome or browsers based on it. #423 has more info.

The provider not enabling sounds like a different issue, though.

@burnedfaceless
Copy link

burnedfaceless commented Feb 4, 2023
edited
Loading

Hi, U2F no longer works for me. In Chrome initially and in Safari later.

Thanks for the work on this plugin.

Edit: I want to provide more context on this. Please view this link deprecation

Edit: this pull request migrates over to the new tech. pr.

If you kindly message someone with write access and ask them to merge the pull request, we should have U2F back and running again.

@carstingaxion carstingaxion mentioned this issue Feb 21, 2023
Closed
@baslking
Copy link

baslking commented May 3, 2023

WP 6.2
Two-Factor 0.8.1
Firefox 112.02 on MacOS 13.3.1(a)
TOTP working for me
FIDO does nothing. It had worked on older versions, not sure which.
I deleted my Yubikey config and tried to reinstall now I get a spinning dot (and enabling is impossible because there's no configured key)

@iandunn
Copy link
Member

iandunn commented May 3, 2023

https://wordpress.org/plugins/two-factor-provider-webauthn/ is an option in the mean time, until this plugin finishes building WebAuthn support.

@dd32 dd32 mentioned this issue May 4, 2023
Closed
@gstammw
Copy link

gstammw commented May 21, 2023

Same problem here, U2F is without function. Can neither login nor register a new key.

@baslking
Copy link

FIDO not working here either
WP 6.2.2
PHP 8.1.18
FIrefox 113.02
Same spinning disk, but TOTP still works. I've used TOTP for years and never had issues, but FIDO has been pretty flaky
Most FIDO sites pop up a little window waiting for the key click. No popup makes me wonder if it's being blocked, but not getting a warning...

@dd32
Copy link
Member

dd32 commented May 25, 2023
edited
Loading

This is a duplicate of #423, mostly.

The Enabled checkbox is being saved as enabled, but the UI is not showing it as enabled as it has no keys enabled (ie. The provider isn't "available" for the user). You'll see a similar behaviour if you setup Email+TOTP+FIDO+Backup codes - if you haven't configured TOTP or Generated backup codes the Checkbox will revert to unchecked.

The keys can't be enabled because FIDO / U2F is no more, and it needs to migrate (Which is what #423 is).

Ideally, until #423 is resolved the U2F provider should self-disable itself (Unless there's keys registered I guess).

@dd32 dd32 mentioned this issue May 25, 2023
Open
@jimmiedave
Copy link

two-factor-provider-webauthn gives the "serious error with this web site" message instead of "insert and touch your security key" on current WordPress, current versions of both Firefox and Chrome on my Mac (Catalina, Intel). Had to SSH in and wipe it.

I realize that third party plugin is not yours to debug, but it's not a useful option "until" if it does this.

@kasparsd kasparsd mentioned this issue Nov 27, 2023
Closed
@kasparsd
Copy link
Collaborator

Closing this to keep all the FIDO deprecation discussion to #423.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
FIDO U2F
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Disable U2F Interface unless already configured. dd32/two-factor
9 participants
@kasparsd @baslking @iandunn @dd32 @gstammw @jimmiedave @burnedfaceless @xiaomodao @surao101