@slink One thing I didn't mention, though: I have various models (YubiKey 5 Series and YubiKey Security Key in both USB-A and USB-C). Whether a given key actually works for FIDO2 or U2F authentication depends on a lot of factors, including in particular the navigator used (Firefox desktop vs. Firefox mobile, Chromium...), the website and whether the key is used via NFC or via USB-A or USB-C. This can be very stressful if the authentication is more than experimenting for you, and if you don't have a known-good, working combination with enough redundancy.
When I said “no problem so far”, I meant no obviously-hardware problem and no “key used to work but doesn't anymore”. However browser software support and hardware/software compatibility can't be ignored if you rely on the keys!
А сейчас какие-то ключи для двухфакторки возможно в Россию заказать не за сотни денег?
Хотя бы до 4 тыр, ну или какие сейчас цены на них.
Я вообще в этой теме не шарю.
Yubikey 5 стоит в районе 8 тыр, Yubikey SK стоит 4 тыр. ХЗ чем они различаются.
Я пробовал подобное с флиппером делать, но там файлик с флешки спереть как нефиг. делать
What is #U2F used for and what are the benefits?
A U2F security key is important to secure your authentication process. These U2F security keys protect your account from malicious take-over, including pishing attacks. This guide helps you to understand what a U2F security key is and why we at Tuta recommend using one. This helps you to never lose access to your online identity!
I login maybe once a year on my domain registrar's website (Gandi). Something has changed in both Firefox/Chromium since last time, because neither of them accepted any of my Yubikeys anymore: it prompted for a PIN, and I don't remember setting one! (I set one on the OpenPGP application, but that PIN is not accepted for FIDO2).
Temporarily disabling FIDO2 allowed the login to succeed as documented here: https://support.yubico.com/s/article/Understanding-YubiKey-PINs https://support.yubico.com/s/article/Enabling-or-disabling-applications
Note that this does *not* reset FIDO2 (Which IIUC would delete the FIDO U2F key too).
In that case IIUC it uses FIDO U2F instead of FIDO2 with a PIN. Although this seems like a bug, why doesn't the browser offer me the option of using U2F when I reject providing a FIDO2 PIN? Clearly all this worked fine several years ago when I initially registered the Yubikeys.
#FIDO2 #Yubikey #U2F
Some time ago I mentioned Yubikey migration. Unfortunately in work I have to deal with #Microsoft and #Google services. Besides confusing #authentication settings UI I noticed interesting thing - both services in own way mixed #U2F and #passkeys in settings. It basically wasn't possible to know what I was going to set. Even terms used on popups were different in different process stages.
Later I could check it was saved on Yubikey as passkeys and it was probably the only way to be sure.
Now I wonder, why these settings were so mixed. Did they do it purposely? Just their "normal" UI/UX chaos?
Anyone who uses more mainstream, passkey-supporting services saw something similar? I didn't saw any other passkeys "in the wild" to compare.
Dr. Bruce Simpson
Blobster
@
Раджа
The New Oil
pink
Edwin Török
Mad Argon 
Sebin Nyshkim