From nobody Wed Feb 07 20:04:45 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TVWLk0JBRz5B0Jm for ; Wed, 7 Feb 2024 20:05:18 +0000 (UTC) (envelope-from naddy@mips.inka.de) Received: from mail.inka.de (mail.inka.de [IPv6:2a04:c9c7:0:1073:217:a4ff:fe3b:e77c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4TVWLh63vyz44nj for ; Wed, 7 Feb 2024 20:05:16 +0000 (UTC) (envelope-from naddy@mips.inka.de) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of naddy@mips.inka.de has no SPF policy when checking 2a04:c9c7:0:1073:217:a4ff:fe3b:e77c) smtp.mailfrom=naddy@mips.inka.de Received: from mips.inka.de (naddy@[127.0.0.1]) by mail.inka.de with uucp (rmailwrap 0.5) id 1rXoAM-003szB-5b; Wed, 07 Feb 2024 21:05:06 +0100 Received: from lorvorc.mips.inka.de (localhost [127.0.0.1]) by lorvorc.mips.inka.de (8.18.1/8.18.1) with ESMTP id 417K4jV7003689 for ; Wed, 7 Feb 2024 21:04:45 +0100 (CET) (envelope-from naddy@lorvorc.mips.inka.de) Received: (from naddy@localhost) by lorvorc.mips.inka.de (8.18.1/8.18.1/Submit) id 417K4jiM003688 for freebsd-questions@freebsd.org; Wed, 7 Feb 2024 21:04:45 +0100 (CET) (envelope-from naddy) Date: Wed, 7 Feb 2024 21:04:45 +0100 From: Christian Weisgerber To: freebsd-questions@freebsd.org Subject: Firefox with U2F? Message-ID: List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spamd-Bar: - X-Spamd-Result: default: False [-1.09 / 15.00]; AUTH_NA(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_SHORT(-1.00)[-0.999]; NEURAL_HAM_MEDIUM(-0.99)[-0.992]; MIME_GOOD(-0.10)[text/plain]; R_DKIM_NA(0.00)[]; MISSING_XM_UA(0.00)[]; FREEFALL_USER(0.00)[naddy]; MID_RHS_MATCH_FROMTLD(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:202113, ipnet:2a04:c9c7::/32, country:DE]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[inka.de]; R_SPF_NA(0.00)[no SPF record] X-Rspamd-Queue-Id: 4TVWLh63vyz44nj Does anybody here regularly use Firefox with FIDO/U2F for two-factor authentication? Does it work reliably for you? Because it doesn't for me. Sometimes it works, sometimes it doesn't, seemingly at random, and sometimes for a whole stretch of time. By "it doesn't work" I mean that Firefox displays its popup, but the U2F token doesn't flash, so it isn't being accessed. Importantly, I use ssh with U2F-backed keys a double-digit number of times each day, and that works 100% reliably. This rules out various failure modes such as device permissions or USB problems. -- Christian "naddy" Weisgerber naddy@mips.inka.de