kryptco / kr-u2f

DEPRECATED A Browser extension that lets you use your phone as a U2F/WebAuthN Authenticator for strong, unphishable 2FA.
https://krypt.co
126 stars 36 forks source link

Support CTAP2 #26

Open jasperweiss opened 5 years ago

jasperweiss commented 5 years ago

Chrome and Firefox now use the Windows web authentication API on Windows 10 build 1903 rather than talking to U2F devices directly. This allows the user to use platform keys (e.g Windows Hello), CTAP2 or U2F keys.

This causes funny behavior when using Krypton. The requests are received by the app but Windows simultaneously shows a dialog prompting the user to insert their key or enter their pin which stays open even after the user has accepted the prompt on the app. The web authentication api is unaware of krypton intercepting the requests.

This could be solved if krypton acted as a CTAP2 credential provider rather than a browser extension that intercepts the U2F requests.

danielskowronski commented 5 years ago

In Firefox 69.0.1 on Win10 build 1903 (18362.356) it's even worse - Windows API is called in blocking mode so no JS code, including plugins can intercept request. Sadly this breaks Firefox plugin entirely.

daegalus commented 4 years ago

I am rebinding my keys right now on a new phone and this is causing me a lot of problems.. Seems the KR browser extension needs to be re-architected for this, or make a windows side thing that runs on windows and handles the integration.

agrinman commented 4 years ago

Just pushed v1.0.18 can anyone confirm if this is still an issue?