Github Security Key (FIDO2 WebAuthn) Fails on Windows 10

Two Factor Authentication
1

Github allows one to set a 2FA security key on login, via WebAuthn according to the docs.
However this functionality does not work with OnlyKey;

OS: Windows 10 Education
Version: 10.0.19042 Build 19042
OnlyKey Firmware: Upgraded to v2.1.0 (the version on the “upgrade” page, retrieved today)

Here’s what happens:

  1. Github identifies the key.
    (At least it doesn’t launch any error messages that you get when you don’t have a key)
  2. Windows prompts me to touch the key.
  3. The OnlyKey LED flashes blue.
  4. I push any button on the OnlyKey.
  5. Github says: “This device cannot be recognized.”

I did enable 2FA for Github via SMS.
I am glad to provide more info.
Thanks in advance.

2

@Scorbie Have you been able to register any other FIDO2 security keys? We have not had any other reports of issues it may be a browser issue.

3

you happen to have screenshots?

4

@t11
Oops, you were right; It didn’t work on Firefox but works on MS Edge.
(This was my first FIDO2 security key, by the way.)

@My1 In case of future reference:

image
image1001×354 13.3 KB

Thank you all for the help!

5

okay that’s an interesting error to say the least. I think I need to try some stuff with this and dig a little because this really makes me curious.

1 Like
6

Hello,

I have the same issue with FireFox. However, its works fine with Edge.

  • OnlyKey Firmware: v2.1.0-prodc
  • OS: Windows 10
  • Browser: FireFox 87.0 (64 bits)

However, GitHub does not show any error message. The image below shows the error with FireFox 87.0 on Windows 10. Please note that it works fine with Edge.

Error with FireFox
Error with FireFox1361×344 18.6 KB

Note: I tried using Ubuntu 20.10 with FireFox (version 87.0 - 64 bits) and Chrome (version 89.0.4389.114 - 64 bits). The OnlyKey does not even blink blue (thus, the operation fails).

Regards,

Denis

7

UPDATE

Hello,

I just used the OnlyKey under Windows 10 / FireFox 87.0… and it works.

However, the use case is different from what I mentioned earlier:

In my previous post, I mentioned that I could not set up the OnlyKey as a security key for GitHub.

Thus, I’ve set up the security key using Edge.

Rigth now I was logged on my GitHub account (using Firefox), and I deleted a repository. GitHub asked me for confirmation, and then asked me to touch my security key. I touched it, and it worked out OK.

Therefore the problem seems to happen only when you try to set “declare” the OnlyKey as a security key. But, once declared, it’s OK.

Regards,

Denis