WordPress / two-factor

Two-Factor Authentication for WordPress.
https://wordpress.org/plugins/two-factor/
GNU General Public License v2.0
724 stars 152 forks

Can neither use existing nor register new FIDO2 token with "FIDO U2F" → install Webauthn addon for two-factor #614

Closed nursoda closed 3 months ago

nursoda commented 3 months ago

Describe the bug

I had a Solo Micro USB FIDO2 token registered approx. a year ago. It used to work fine. I tried to log in today; 2FA using the (default) token didn't work, neither in FX nor Chromium: The token was not accessed (i.e. it would not turn from green to orange). It does work on other websites such as my self-hosted Nextcloud. I also tried with different FIDO2 tokens such as Yubikey 5, Nitrokey and Solo 2. That only leaves Linux (but Nextcloud works there) and the plugin.

Steps to Reproduce

  1. Have two-factor installed and enabled
  2. Go to profile, activate some other, like email and TOTP
  3. Try to register a security key (in the lower section)

This does not start the process for me: None of my devices enters "register" state. I just see the spinner:

Screenshots, screen recording, code snippet

[Screenshot]

Environment information

I'm on (Arch) Linux, Webserver is hosted, Apache. WP 6.5.5, Elementor, custom Theme, Elementor 3.22.3, two-factor 0.9.1.

Please confirm that you have searched existing issues in this repository.

Yes

Please confirm that you have tested with all plugins deactivated except Two-Factor.

No

dd32 commented 3 months ago

Hi @nursoda,

Browsers have deprecated the U2F standard which the Two-Factor plugin uses for security keys. As a result, you will be unable to authenticate.

My personal recommendation is to install the WebAuthN plugin: https://wordpress.org/plugins/two-factor-provider-webauthn/

See https://github.com/WordPress/two-factor/issues/423