Yubikey for 2FA login to Vivaldi?
-
Hi, I'd like to set up a Yubikey as my 2FA security key. Has anyone successfully done this?
When I click on the button to add security key (the dialogue mentions Windows Hello and Apple Touch ID), I am prompted to enter my PIN. I get stuck here because the Yubikey doesn't have a PIN.
Is the Yubikey simply not supported by Vivaldi at this time? thanks.
-
-
@TbGbe Hi, thanks! It looks as though maybe there's a bug in the Vivaldi for Linux which pops up the "enter PIN" dialogue instead of the WebAuthn one. I'll try registering the Yubikey from a windows machine to see if that'll work!
-
@idlewild I tested on my Debian 11 KDE with a resetted Yubikeys:
- Yubikey Security Key (blue)
- Yubikey 5 NFC (black)
i registered the keys, logged out of forum, logged in with loginname+password, inserted key, tipped on it – got no PIN dialog with both keys.
-
Strange.
Tested with Yubikey Security Key (blue).
Windows 11 wants a PIN to register a key.
Debian 11 do not need this.I do not know what Windows 11 does wrong.
If i register the key on Debian no PIN is asked.
That is not a Vivaldi issue!, same on Edge, Firefox, Chrome and Chromium!
Looks like some strange Microsoft thing with the PIN
I gonna hate Windows now much more now. -
@idlewild2 I would try to reset the Yubikey FIDO data to get a clean one. Thats what i always do while testing in shell.
ykman fido reset//EDIT:
You say on your Ubuntu you had to add a PIN to register? Or was that with the already used yubikey?//EDIT2:
I will try on my Ubuntu 22.0.4 LTS Cinnamon now.
It does not create a key with a PIN._bug hunter · Volunteer helper · Sopranos tester · Language DE,EN · ♀👵
Known old dragon lady: Gwen aka Dr. Gwen Agon aka GwenDragon aka DoctorGTesting
Linux Debian 12 KDE X11 / Windows 11 Pro
Intel i5-7400 / NVidia GT 710 -
Windows and Yubikey FIDO , how it uses PINs is written at "Understanding YubiKey PINs
But i can not understand why Linux FIDO is different
//EDIT:
A dev told me that the Windows 10/11 credential management needs the PIN to unlock key and re-confirmation features. -
Well, I seem to be permanently locked out of my @idlewild account, so I made a new one but it seems that this new reputation system to get approved for webmail access takes quite a bit of time to kick in. I guess it can't be helped but I do feel that the 2FA onboarding process for Yubikey users is a bit too klunky. I guess there aren't all that many Yubikey users out there so it might not be a huge issue, but still I won't be surprised if other users lose access to their accounts by trying to register their Yubikeys as 2FA tokens... sorry to grumble!
-
@DoctorG I regained access to my Vivaldi account! Your tip (which at the time I did not understand very well) was what led me to the solution, which was to disable FIDO2 on my Yubikey 5 NFC, using Yubikey Manager.
Once FIDO2 was no longer available on my Yubikey, Vivaldi login stopped asking for my PIN or locking me out for entering the wrong PIN too many times, and I was able to log in again.
Now I have to decide whether to get back to using this old Vivaldi account or the new account I set up during the time I thought I'd lost this account permanently... Anyway, thanks for your tip!
-
If i remember correct FIDO2 is broken in Vivaldi auth server at the moment and was already reported to bug tracker.
Thats why you can only use U2F & FIDO. -
Glad to read that you can access your @idlewild account again. Since it has more history, if it were me, I would resume using it.
