I got OnlyKey DUO to secure AWS accounts’ root user access with hardware MFA. I was able to register it for Security Key (WebAuthn) authentication for one of my AWS accounts’ root users in early 2023, however the same procedure is failing now (July 2023) across browsers/ OSes (Browser: “Error registering security key”/ CloudTrail: “AccessDenied”). No changes were done to Onlykey firmware, or AWS account configuration between now and then. I suspect the issue may be related to AttestedCredentialData aaguid returning “00000000-0000-0000-0000-000000000000”.
I realize I can do a TOTP setup, but the MFA type in AWS sets as Virtual device, so this hurts me on compliance front.
Anyone else is experiencing similar issues with WebAuthn registrations in AWS? Specifically for the AWS account root user (IAM users can still register OnlyKey as Security Key)