google / google-authenticator

Open source version of Google Authenticator (except the Android app)
Apache License 2.0

Need help #664

Closed alexandre1985 closed 5 years ago

alexandre1985 commented 5 years ago

I have made a password recovery for my google account. My yubikey registration also got reset, although I haven't lost my yubikey, only my password. When trying to register my yubikey again using google chrome I always get an error to try again. Like this image: deepinscreenshot_20190122151744

Can someone tell Google that this issue is happening? It happens to be a bug, because what I lost was my password not my yubikey... but still my U2F got reset. And now my yubikey, that wasn't lost, isn't being accepted when setting up the U2F again. The yubikey works on other websites.

Need someone with contacts with Google to push this issue through so that it doesn't happen to other users and to please solve this issue for me. I have tried several official communication channels with google and none seem to give me feedback.

Just want to secure my account to continue using google. Maybe I'll switch to another service, but not until I give up hope on google. I desperately need a hero to communicate this to the responsible people or team.

Sorry for making you listen to this

ThomasHabets commented 5 years ago

I can't help you if the message isn't in English.

Have you tried using a different machine to register that yubikey? Have you tried using that key with another machine?

alexandre1985 commented 5 years ago

The error message of the image in English says: "Something went wrong. Try again.". I haven't tried using another machine to register the yubikey because right now I only have one machine :disappointed: . Maybe I will try next week on another PC. But my yubikey is working, for example, to enter github I have to use it and it works. Is there something you can do with this info @ThomasHabets ?

ThomasHabets commented 5 years ago

I think you should try at least with another PC; it's too much guesswork.

Ideally try all combinations of different PC, different Google account, and different yubikey, so that we can see which combinations don't work.

ThomasHabets commented 5 years ago

I should add that this is pretty off topic. GA doesn't do U2F. The only reason I can help is that if you provide all the data I could file an internal bug which may or may not be attended to.

I'm not on the team that deals with U2F or Google logins.

alexandre1985 commented 5 years ago

An internal bug report may help. At least more than what I am receiving now... which is none. Wednesday I will try the yubikey on another PC. Meanwhile can you tell me which information you need for the internal bug? Many thanks @ThomasHabets I really appreciate it

ThomasHabets commented 5 years ago

Like I said results of all combinations of account, yubikey, and computer.

E.g. "account1, computer1, yubikey1 — This error message", "account1, computer2, yubikey1 — Works". etc…

alexandre1985 commented 5 years ago

Alright :wink:

alexandre1985 commented 5 years ago

It took time, but I'm back with results. To make things clear, the problem is with registering (tying, binding) my yubikey with a google account. (I have successfully bound my yubikey with my account but after a password recovery things went wrong). Here are the results:

account1, pc1, yubikey1 -> the error reported above on this issue
account1, pc2, yubikey1 -> the error reported above on this issue
account2, pc1, yubikey1 -> the error reported above on this issue
account2, pc2, yubikey1 -> the error reported above on this issue

(I have no other yubikey to test other than this one)

Just to remember that my yubikey got registered (bound) successfully to my google account the first time that I registered it, only after a password recovery (that deleted my u2f) I was unable to register my yubikey to my account.

@ThomasHabets can you please open an internal report in google to see if this issue is resolved?

ThomasHabets commented 5 years ago

And the reason you did password reset is not that the yubikey stopped working?

Could you share at least one gmail account email you tried? If you don't want it on github you can mail it to habets@google.com.

alexandre1985 commented 5 years ago

@ThomasHabets yes, the reason that I made a password reset was because I forgot the password. I didn't lose my yubikey and I'm still using the same one. I sent you the email, just now

ThomasHabets commented 5 years ago

Sorry, one more thing you could try: Does the Yubikey work with other providers? E.g. github has U2F support, as (I think) does Facebook.

alexandre1985 commented 5 years ago

No problem, yes it does work with other providers, for example, it works on github and facebook. Thank you for your support @ThomasHabets . I was, and still am, desperate

ThomasHabets commented 5 years ago

I have filed b/123749307. It's not my team doing this and I can't promise anything about priorities or feedback on it.

I'll follow up here if I get anything I can share.

alexandre1985 commented 5 years ago

Thank you @ThomasHabets . I really appreciate your gesture :1st_place_medal:

Adony719 commented 5 years ago

👍

cpiper commented 5 years ago

Hi, is this issue still occurring? If so, can you provide your Chrome version?

alexandre1985 commented 5 years ago

Yes, the issue is still occurring. I'm on Chromium 74.0.3729.131 Manjaro Linux . Here is what I get

$ /usr/bin/chromium 
[14568:14568:0509/123339.031068:ERROR:gaia_auth_fetcher.cc(72)] Missing ID token on refresh token fetch response.
[14568:14577:0509/123418.308550:ERROR:browser_process_sub_thread.cc(217)] Waited 76 ms for network service

cpiper commented 5 years ago

Ok thanks for the information. Just to clarify, can you go to u2fdemo.appspot.com and confirm that you can successfully register the key there?

alexandre1985 commented 5 years ago

I don't recognize that domain as a legitimate trusted source, sorry @cpiper

cpiper commented 5 years ago

That is Google's demo website for U2F, see https://github.com/google/u2f-ref-code

ThomasHabets commented 5 years ago

Also if you're concerned about not using your U2F token on shady websites I don't think you should be. There's by design no way for U2F on domain X to leak any information about your account on domain Y, or even if you have an account on domain Y. It's designed with privacy and phish-protection in mind.
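The per-domain isolation described in the comment above, as an added example that is not part of the original thread and is not Google's or Yubico's code. It is a simplified model that assumes an HMAC-based key-wrapping token; `ToyU2FToken`, the `*.example` origins and the challenge are constructed for illustration, and HMAC stands in for the P-256 signatures a real token produces.

```python
import hashlib
import hmac
import os


class ToyU2FToken:
    """Simplified model of a token that derives a separate key per site."""

    def __init__(self):
        self._device_secret = os.urandom(32)  # never leaves the token

    def _mac(self, label, app_param, nonce):
        return hmac.new(self._device_secret, label + app_param + nonce,
                        hashlib.sha256).digest()

    def register(self, app_id):
        # The browser, not the page, supplies app_id; the token sees its hash.
        app_param = hashlib.sha256(app_id.encode()).digest()
        nonce = os.urandom(32)
        # The key handle carries a tag binding it to this app_param.
        key_handle = nonce + self._mac(b"tag", app_param, nonce)
        site_key = self._mac(b"key", app_param, nonce)
        # Stand-in for the public key the site stores at registration.
        public_id = hashlib.sha256(site_key).hexdigest()
        return key_handle, public_id

    def sign(self, app_id, key_handle, challenge):
        app_param = hashlib.sha256(app_id.encode()).digest()
        nonce, tag = key_handle[:32], key_handle[32:]
        if not hmac.compare_digest(tag, self._mac(b"tag", app_param, nonce)):
            return None  # handle was not issued for this origin: refuse
        site_key = self._mac(b"key", app_param, nonce)
        return hmac.new(site_key, app_param + challenge, hashlib.sha256).digest()


def demo():
    token = ToyU2FToken()
    challenge = b"constructed-challenge"
    handle_x, id_x = token.register("https://x.example")
    handle_y, id_y = token.register("https://y.example")
    _, id_x2 = token.register("https://x.example")
    return {
        # Nothing shared between registrations, even on the same site.
        "ids_unlinkable": len({id_x, id_y, id_x2}) == 3,
        "x_handle_on_x": token.sign("https://x.example", handle_x, challenge) is not None,
        # Domain X replaying domain Y's handle learns nothing and gets no signature.
        "y_handle_on_x": token.sign("https://x.example", handle_y, challenge),
    }
```
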

alexandre1985 commented 5 years ago

Thanks for that info @ThomasHabets .

> Just to clarify, can you go to u2fdemo.appspot.com and confirm that you can successfully register the key there?

@cpiper I went to https://crxjs-dot-u2fdemo.appspot.com/ with Chromium, clicked the register u2f authenticator button, and my yubikey doesn't blink (saying that it wants a touch) after I have clicked on that button. So no, it is not working on Chromium in my Manjaro Linux Deepin.

cpiper commented 5 years ago

Sorry about the confusion, the crxjs version of the demo relies on a separately installed Chrome extension that is no longer supported. I updated the README at https://github.com/google/u2f-ref-code. Can you try at u2fdemo.appspot.com?

Thanks!

alexandre1985 commented 5 years ago

@cpiper on https://u2fdemo.appspot.com/ my yubikey is working. It is registering and validating the test.

cpiper commented 5 years ago

Ok, great to know. I know this is a lot of steps but can you try the following?

1) Close Chromium completely
2) Open chrome via terminal with the command line option to show component extensions, e.g., ./chrome --show-component-extension-options
3) Go to chrome://extensions in the browser bar, this will bring up a list of installed extensions
4) Find the extension called "CryptoTokenExtension" and click the "background page" link, which will bring up DevTools, and select the Console tab
5) Open a new tab in Chromium and try to enroll your security key at accounts.google.com
6) The CryptoTokenExtension console opened earlier should now show some output. Let me know if it says "Proxying registration request to WebAuthn". If it instead gives a flood of data, feel free to send that to me.

alexandre1985 commented 5 years ago

@cpiper I'm stuck on 4. , don't know what you mean by "click the background page link, which will bring up DevTools". Here are some screenshots: 1 2

cpiper commented 5 years ago

Ah yeah you also need to toggle developer mode (the toggle at the top right of the screen)

alexandre1985 commented 5 years ago

@cpiper On Console it brings the "Proxying registration request to WebAuthn" text [enroller.js:841]. It is the only text that console logs.

cpiper commented 5 years ago

Ok, another quick test, can you go to webauthndemo.appspot.com and verify that that works as well? https://github.com/google/webauthndemo

alexandre1985 commented 5 years ago

@cpiper Which button to click? Register Platform Authenticator or Register New Credential?

cpiper commented 5 years ago

Register New Credential

alexandre1985 commented 5 years ago

@cpiper It registers and authenticates with "Sucessfull assertion"

cpiper commented 5 years ago

Thanks for all the debugging! I'll see if I can take a look on my end and get back to you.

alexandre1985 commented 5 years ago

@cpiper I tested again on myaccount.google.com and still the same error with the U2F registration with google. I did it just to be sure, since now my Chromium extensions have the "developer mode" active.

cpiper commented 5 years ago

@alexandre1985 I think since you went through account recovery the security key you previously registered may still be registered to your account. Can you go to sign up for 2SV at accounts.google.com using a different method (such as SMS or Google Prompt), and see if you can then enroll a key from that page? You can remove the other method you added at this point.

alexandre1985 commented 5 years ago

@cpiper I didn't understand what you meant by 2SV

ThomasHabets commented 5 years ago

@alexandre1985 http://lmgtfy.com/?s=b&q=2SV

alexandre1985 commented 5 years ago

@ThomasHabets Ahahah!!😃 Thanks

alexandre1985 commented 5 years ago

It was a long walk, but finally the destination has been achieved.

@cpiper Using your recommendation, finally I was able to add U2F security to my Google account! It's time for celebration :tada: :tada:

Thank you @cpiper and @ThomasHabets for your help and support. Wishing you a great journey in your life and success in your professional one :1st_place_medal: :100: :trophy:

I'm very happy right now :smile: :smiley: :smile:

I'm gonna happily mic drop this issue :microphone: