bitwarden / mobile

Retired Bitwarden mobile app for iOS and Android (MAUI/Xamarin).
https://bitwarden.com
GNU General Public License v3.0
153 stars 24 forks

iPhone App: YubiKey 2FA login challenge not designed for YubiKey 5Ci #679

Open fBwfbodGteRCA8aPwF7knF7Va0LYfB3dhgSaxK2 opened 4 years ago

fBwfbodGteRCA8aPwF7knF7Va0LYfB3dhgSaxK2 commented 4 years ago

When the Bitwarden iPhone app asks for your YubiKey it appears that it was originally designed for the YubiKey NEO with NFC. It should be updated to include wording for, and activation by, the YubiKey 5Ci via the lightning port.

First, the wording:

> To continue, hold your YubiKey NEO against the back of the device.

Now that you can also use the YubiKey 5Ci via the lightning port, this wording should be changed to something generic or to include the YubiKey 5Ci and how to activate it (Currently: Plug YubiKey into lightning port, tap Cancel, tap the text field, and then press buttons on side of YubiKey).

Second, the text field: The way the current Bitwarden app works, to use the 5Ci you must first tap Cancel to stop the "Ready to Scan" popup window and then tap the (black on black background) text field immediately above the "Remember me" area. That text field is not at all obvious or intuitive, as you can see from Screenshot 2 below. At the very least, making that text field contrast against the black background might be necessary.

Ideally though, the whole process/popup should be changed from "Ready to Scan" to "Waiting for YubiKey", and to handle input from the 5Ci via lightning port (and USB-C for Android?) the same way it does for the NEO via NFC by automatically selecting the text field/placing the resulting key into the text field.

Thanks!

Screenshot 1 - Ready to Scan ![image0](https://user-images.githubusercontent.com/22988712/71438595-3fcec500-26ab-11ea-91d3-f3afa2068a2c.png)

Screenshot 2 - What text field? ![image1](https://user-images.githubusercontent.com/22988712/71438604-452c0f80-26ab-11ea-8b7b-f3528fe18a3a.png)

11P2wHd5En9n6JXFuSQlVtvTR2WjGkbQlRT80x8 commented 4 years ago

I'm glad I read this. I have used 5ci on the iPad version of Bitwarden in the past and it worked fine. Trying again today, it appeared not to be working. What I was missing was the necessity of clicking on the invisible (black on black) text field before touching the 5ci. Works fine. Agree this UI error needs to be fixed.

ghost commented 3 years ago

I just ran into this and I also nominated a feature request on the Forums ... This is a little glitchy. Thanks @jrsmiley and @Ayitaka for figuring this out.

xn6oroRnRtJd2tJ0do085029CwIigDk09ZWfg1O commented 2 years ago

If you have a Yubikey NEO and encounter this on an iPad this experience is especially bad for a new user.

First issue; per Ayitaka's comment back in 2019, Bitwarden does support the USB/Lightning hardwired keyboard key input method. Current picture and instructions do not mention that.

Next issue; the text input field where you can select and have the Yubikey as keyboard fill in the key is invisible.

I would suggest the instructions and picture shown on that page be updated to include the hardwired connection the Yubikey 5Ci and NEO (iPad) support. Also if the text input field can be called out somehow that would help tremendously. Thank you.

xn6oroRnRtJd2tJ0do085029CwIigDk09ZWfg1O commented 1 year ago

This is still broken in 2023 on iOS 17...

dnepFApg29luYk56e6jemZeF4R0SejqzPuigQtW commented 1 year ago

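Finally "solved" this on iPad. The challenge dialog with the dumb NFC picture after you now chose "no NFC" when setting up YubiKey is ... scrollable. So:

  • Wipe all your Yubikeys in the web app
  • Uncheck "I use insecure NFC keys"
  • Register your 5ci and USB-C Yubikeys
  • Kill the iPad app and sign in again (swipe up from bottom edge to get to desktop, again to see running apps, flick bitwarden up to kill it)
  • When you see the "tap the NFC key I don't have" picture, scroll down to reveal the button to press to instead use your 5ci or 5c.
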
I cannot wait till Passkey sign in and this nonsense goes away in October or whatever. I just typed in my 50+ character password over 20 times this round of trying to get it to work. Annoying.

xn6oroRnRtJd2tJ0do085029CwIigDk09ZWfg1O commented 1 year ago

> Finally "solved" this on iPad. The challenge dialog with the dumb NFC picture after you now chose "no NFC" when setting up YubiKey is ... scrollable. So:
>
>   • Wipe all your Yubikeys in the web app
>   • Uncheck "I use insecure NFC keys"
>   • Register your 5ci and USB-C Yubikeys
>   • Kill the iPad app and sign in again (swipe up from bottom edge to get to desktop, again to see running apps, flick bitwarden up to kill it)
>   • When you see the "tap the NFC key I don't have" picture, scroll down to reveal the button to press to instead use your 5ci or 5c.
>
> I cannot wait till Passkey sign in and this nonsense goes away in October or whatever. I just typed in my 50+ character password over 20 times this round of trying to get it to work. Annoying.

You might want to check out this issue I posted; https://github.com/bitwarden/mobile-maui/issues/2745

dnepFApg29luYk56e6jemZeF4R0SejqzPuigQtW commented 1 year ago

> > Finally "solved" this on iPad. The challenge dialog with the dumb NFC picture after you now chose "no NFC" when setting up YubiKey is ... scrollable. So:
> >
> >   • Wipe all your Yubikeys in the web app
> >   • Uncheck "I use insecure NFC keys"
> >   • Register your 5ci and USB-C Yubikeys
> >   • Kill the iPad app and sign in again (swipe up from bottom edge to get to desktop, again to see running apps, flick bitwarden up to kill it)
> >   • When you see the "tap the NFC key I don't have" picture, scroll down to reveal the button to press to instead use your 5ci or 5c.
> >
> > I cannot wait till Passkey sign in and this nonsense goes away in October or whatever. I just typed in my 50+ character password over 20 times this round of trying to get it to work. Annoying.
>
> You might want to check out this issue I posted; #2745

I just go by what Google serves up.

However, you are right that if I find the particular place to search for each product it could be more efficient than hoping the algorithm does a good job. Today I cared again because copy paste from new iPhone to iPad is not working because reasons which broke my workaround for the NFC plague.