I can successfully add any of my 3 OnlyKey as FIDO2 WebAuthn key to Bitwarden. But only one of them, not two or all three.
As soon as I try to add a second one I get an error message on Bitwarden: There was a problem reading the security key. Try again.
It’s the same with Firefox or Edge (Windows 10) on two different computers.
I can add other multiple FIDO2 keys, such as two different Windows Hello FIDO2 on two different computers, just adding multiple OnlyKey gives me an error.
Is there maybe a random identifier that needs to be set in the firmware or something else that might prevent Bitwarden from adding multiple OnlyKey? Maybe it seems all of them as the same device?
I just confirmed this OnlyKey is used to do WebAuthn for login with Bitwarden and of course it blinks blue on the login and I have to press a button on the OnlyKey.
So now I am slightly confused what is what with FIDO2 and OnlyKey. Am I not supposed to have resident credentials on the device, especially if I am using it as FIDO2 key?!
Note that I set my PIN using the onlykey-cli AFTER I started using FIDO2 on Bitwarden, otherwise it wouldn’t let me list credentials.
I tried adding a second OnlyKey again to Bitwarden now, one for which I set the PIN before hand. No difference, still can’t add it to Bitwarden. Only difference is that I am asked for the PIN now before pressing a button when the LED blinks blue.
@AlexHK If you restored a backup from one key to your other keys then a site would see the restored keys as essentially the same as the backup. You can only register a key once so that would be why you can’t register the same key again.
But what about the onlykey-cli stating No resident credentials on this device. ?
Resident keys are typically only used for things like passwordless authentication not FIDO2 MFA. So no resident keys is expected when using a security key as a 2nd factor.
Thanks everyone, wiping the devices and setting them up from scratch (instead of restoring from the same backup) now allowed me to add them as individual keys to Bitwarden.