A Few Questions need Answering Please

Hi,

I received my OnlyKey about 2 days ago and I’m already in love with it and don’t want to use my YubiKey anymore.

I do have some questions/issues I would like to be answered/fixed:

1- When assigning a lock function to a slot, and use it, it locks the device, however, I cannot enter a PIN or even use the keyboard anymore as if the keyboard is somehow stuck (Win 10) and the only way I was able to reenter my password is to press the forget the PIN button
PS: this issue does not happen if I make a lock function using \gl with sysadmin mode

2- In sysadmin mode, are only 56 characters allowed in a field, and how to increase that if possible. Also, what do I do in normal mode if my password is more than 56 characters?

3 - In sysadmin mode, if I want a key to do an ipconfig command on cmd, how would I assign a key to do that? because \gr \2 cmd \r \2 ipconfig did not work.

4- Why does the FIDO2 function not work on the Microsoft account but the YubiKey does? And is there a fix for that?

Those were all of the questions/issues that I have encountered, and couldn’t find the answer to.

I would highly appreciate it if I can get a response from all of them.

Update:

All the questions were answered by the community below, a big thanks to everyone who helped.

Kind Regards,

Hi, I’m a fresh new user as well, so I won’t be able to help with everything, but I think I can help with a couple of points:

  1. The Lock button doesn’t just lock the computer, but also logs you out of the OnlyKey profile. That means that before you can use the OnlyKey again you have to re-unlock it with either of your PINs.

  2. The char limit is set by the hardware, see t11’s answer on this. However when I’ve found myself short of characters, I just divide them between user and password, set “nothing” in between, here’s an example
    image
    Remember that you can use special characters in the password field as well.
    Also remember that after the URL there will always be a Return. I haven’t played around with sysadmin mode yet, but I’m guessing that most of my scripts would have " \gr \2 cmd" in the URL field

  3. No help here, sorry, only a suggestion and a tip:

  • Suggestion: try to put \gr \2 cmd \r \2 ipconfig in the URL field, but remember the user guide:

You can chain together multiple ‘ \t ’ or ‘ \r ’ in the fields. It’s one space to start and one space to end so if you’re chaining together multiple tabs it would have a double space in between

That means that the command in my suggestion should have one space before \gr and two spaces between \gr and \2, and \r and \2

  • Tip: when you’re trying to debug a slot, open notepad (not Notepad++, I found its autocomplete function can interfere with the OK) and touch it. See what it does. Are tabs being typed as tabs or did you use the wrong slash and you get “/t”? Did you use the right slash but the first special character still gets typed out? You might have forgotten a space before the “/”…
  4. Yeah, what’s up with that? I tried setting it up in five different browsers and two computers but it always fails, and only with my MS account.

For FIDO2, it seems that Microsoft is looking for the attestation certificate (Go here and register, you can see that YubiKey has a valid attestation certificate).

You can register the key on Firefox, and then you can use it on Chrome for personal Microsoft accounts. Unfortunately, if you use an Azure AD account, you will need your directory admin to disable the “Attestation Required” flag.
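What a relying party that requires attestation looks at, as an added example (not code from this thread, OnlyKey or Microsoft): the WebAuthn `attestationObject` is a CBOR map with `fmt`, `attStmt` and `authData`, and a certificate chain, when the authenticator sends one, sits in `attStmt.x5c`. The byte strings below are constructed samples, not captures from any key.

```javascript
// Added example. Decodes only the CBOR types a WebAuthn attestationObject
// uses: ints, byte strings, text strings, arrays and maps.
function cborDecode(bytes, pos = 0) {
  const major = bytes[pos] >> 5;
  let n = bytes[pos] & 0x1f;
  pos += 1;
  if (n >= 24 && n <= 26) {                 // value follows in 1, 2 or 4 bytes
    const size = 1 << (n - 24);
    n = 0;
    for (let i = 0; i < size; i++) n = n * 256 + bytes[pos + i];
    pos += size;
  } else if (n > 26) {
    throw new Error("unsupported CBOR length encoding");
  }
  const item = () => { const [v, p] = cborDecode(bytes, pos); pos = p; return v; };
  switch (major) {
    case 0: return [n, pos];
    case 1: return [-1 - n, pos];
    case 2: return [bytes.slice(pos, pos + n), pos + n];
    case 3: return [new TextDecoder().decode(bytes.slice(pos, pos + n)), pos + n];
    case 4: {
      const arr = [];
      for (let i = 0; i < n; i++) arr.push(item());
      return [arr, pos];
    }
    case 5: {
      const map = {};
      for (let i = 0; i < n; i++) { const k = item(); map[k] = item(); }
      return [map, pos];
    }
    default: throw new Error("unsupported CBOR major type " + major);
  }
}

// In a browser, pass credential.response.attestationObject (an ArrayBuffer).
function attestationSummary(attestationObject) {
  const [obj] = cborDecode(new Uint8Array(attestationObject));
  const x5c = obj.attStmt && obj.attStmt.x5c;
  return { fmt: obj.fmt, hasCertChain: Array.isArray(x5c) && x5c.length > 0 };
}

// Constructed samples (placeholder authData, signature and certificate bytes).
const hex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));
const TAIL = "686175746844617461" + "4400000000";            // "authData": 4 bytes
const NONE_SAMPLE = hex("a363666d74646e6f6e656761747453746d74a0" + TAIL);
const PACKED_SAMPLE = hex("a363666d74667061636b65646761747453746d74" +
  "a363616c672663736967" + "42aabb" + "63783563" + "8143308200" + TAIL);
```

A registration whose summary shows `hasCertChain: false` carries no certificate for a relying party to validate, which is the case an "attestation required" policy rejects.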

@wishy

  1. Can you provide me some procedures to reproduce this issue so I can test further?

  2. Right now we can’t increase the length, you can use the URL, Username, and password fields

  3. This should work in next firmware release 2.1.1

  4. This is a known issue with Microsoft on Chrome (Firefox should work) and will be fixed in release 2.1.1


Thanks for the help. Regarding No 1, I meant the PIN for the PC itself and not ONLYKEY, but I have made a video explaining the situation to the developer and submitted it (Lock Issue - Album on Imgur)

As for No 2, I didn’t know you can do that, that will be very useful.

For No 3 I found a workaround with Win10 ( \g \1 run \1 \r \1 cmd \r \1 ipconfig \r), it does the job but still, maybe your suggestion is better, I’ll try it out.

For No 4 the dev said it will be fixed in 2.1.1 so I’ll be looking forward to that.

Thanks a lot for the help and the quick response

Here is a reproduced video for No 1 issue https://imgur.com/a/t7ENPpJ

As for the rest, I’ll be looking forward to 2.1.1

Thanks for the help

Where do I register the key on Firefox, on the website you provided?

account.microsoft.com

Just like what you did in Chrome

@pepe for #2 that solution is good, I never thought of it :sweat_smile:, I will be using this method now, many if not most of my passes are way over the 56 character limit

Tried it, still didn’t work

I’ll just wait for 2.1.1 I guess

De necessitate, virtutem: I was trying to open and log into KeyBase. I ran out of characters in the username field before I even opened its text field, I had to put “username \t password” in the password field (yes, twice!)

Just tried registering with Firefox, and it worked. What is your firmware version (check the bottom right of the OnlyKey App), and have you set the FIDO2 PIN?

@Extrawdw
Yes, I have set up the FIDO2 PIN, the firmware is the latest ( OnlyKey v2.1.0-prodc ), I tried it on Firefox on Linux and Windows, it asks me for the PIN, then to touch the key, and then I get this error: Image

Sorry for going slightly OT, but how do you set the FIDO2 PIN and list credentials?

I haven’t found info on this in the docs, except using the Python CLI, but it seems that didn’t work for me, and the related thread I created didn’t yield a response so far.

@ZorgroZ
If you have Windows 10 then it is very simple:

Plug in your ONLYKEY and unlock it, then go to Windows settings => Accounts => Sign-in Options => Security key

It will ask you to enter a PIN, and once you do, that is your FIDO2 PIN


If you use Linux, there is an option in Chrome security settings that allows you to manage FIDO2 PIN and resident keys.

Thanks @wishy, that worked well for me.