kryptco / kr-u2f

DEPRECATED A Browser extension that lets you use your phone as a U2F/WebAuthN Authenticator for strong, unphishable 2FA.
https://krypt.co

Be VERY careful when you use this! #54

Open markg85 opened 4 years ago

markg85 commented 4 years ago

Hi,

Right now I'm in the awkward position where a site DID allow me to set a security key. Krypton did pop up to confirm the "registration" if you will.

The trouble comes when you want to log in. And... the login keeps asking for a (yubi)key and doesn't trigger Krypton. This happens on a few sites and is a major pain in the *** to get back into working order. As there you have the situation where, for the registration, Krypton popped up. But to log in it doesn't.

So, just a fair warning. I've been bitten by this a couple times now. Be extremely careful when using krypton!

I think it's a failure on Krypton's end to not catch those cases correctly. Even though you can argue that the login mechanism on those sites (binance.com is one such example) is just poorly done. But they work if you have a YubiKey. Which, to be frank, is the correct way for them to support.

Don't get me wrong though. It's super awesome to use, for example, webauthn.io and see it work with krypton :)

Cheers, Mark

rolltidehero commented 3 years ago

I have this same problem and I am now locked out of two important accounts. It just asks me to insert USB. Please help! Chrome / Windows 10 / iOS 14

Daniellameira2021 commented 3 years ago

[Originally in Portuguese] I only use it on sites that let me use 2FA, preferably in offline apps. If Krypton fails, you will have the option of using 2FA via the app.

markg85 commented 3 years ago

> [Originally in Portuguese] I only use it on sites that let me use 2FA, preferably in offline apps. If Krypton fails, you will have the option of using 2FA via the app.

Do you mind repeating that in English?

markg85 commented 3 years ago

> I have this same problem and I am now locked out of two important accounts. It just asks me to insert USB. Please help! Chrome / Windows 10 / iOS 14

I wish I could offer you a suggestion that would make it work for you. I was lucky enough to merely be in the migration process from one phone to another. I would just turn on the old phone and get my data back that way.

Usually sites that want to have you use 2FA also give you a bunch of words that you're supposed to print and store in a safe somewhere (right.. who does that?...), that's your backup to get your data back if you lose your other means of logging in.

Daniellameira2021 commented 3 years ago

> [Originally in Portuguese] I only use it on sites that let me use 2FA, preferably in offline apps. If Krypton fails, you will have the option of using 2FA via the app.

> Do you mind repeating that in English?

I only use it on sites that allow me to use 2FA, preferably on offline apps. In case Krypton fails, you'll have the option to use 2FA via the app.