trussed-dev / fido-authenticator

FIDO authenticator Trussed app
Apache License 2.0

Issues with website registration on Windows #9

Open stonewalljones opened 2 years ago

stonewalljones commented 2 years ago

I've tested this both on my Solo 2a and my 2c

On Twitter and GitHub, when attempting registration I get the following screen, and nothing happens when I touch the buttons on the key. [screenshot: CredentialUIBroker_ZVYS22Yd98]

Then I get a different issue when I try to register the key on Facebook. It is prompting me to create a PIN, which leads me to think that it's trying to use PIV auth rather than FIDO authentication for Facebook. [screenshot: CredentialUIBroker_AGakgIWRgN]

I was able to register both my type a and my type c key with my google account however.

Dennis1000 commented 2 years ago

Same for me (Win10 Pro): nothing happened when I touch the buttons on the key. The LED changes to a yellowish green and on touch the LED changes to the normal green, but it's not recognized as a valid action.

Same PC, same browser (Firefox) but Ubuntu 20 (even running in a VM) does work. https://www.token2.com/tools/fido2-test/

ElectronicWar commented 2 years ago

To avoid the "Are you there?" prompt on Windows 10/11 you need to tap the key as soon as the LED changes color. It's some timeout that is too short and is already over before the "Tap key now" prompt is properly shown.

Dennis1000 commented 2 years ago

Thanks. It's indeed a very short timeout and works if tapped very early on. Not a very convenient solution though.

jzt308 commented 2 years ago

Same issue here. Both the PIN requirement when using services (in my case when I try to log onto my mailcow instance) and the issue with the timeout. It's very annoying this way. If you're not fast enough you need to take out the key and insert it again to restart the process. Is there a solution for this? Is it an issue with Windows or the site, or is it a SoloKey issue (and can it be fixed with a firmware upgrade)? On Linux (Pop!_OS latest release) I am unable to use it. Whereas on Windows I can use this workaround, on Linux it won't work. The key shows up when I use the solo CLI tool. Just ran the CLI update to make sure I'm on the latest firmware version.

burtek commented 2 years ago

Unable to use it at all. By a miracle I managed to get all 3 keys working with Facebook, but afterwards every try was a fail. Can't get past the "Can't read security key" and "Are you there?" screens (one or the other appearing at random), and the touch timeout is definitely too short (doesn't matter anyway, since the keys are unusable at this stage; can't register them anywhere now, even when touching the key instantly).

skundrik commented 2 years ago

The timeout is annoying and it seems to be about 2-3s, but otherwise it seems to work pretty reliably. Didn't have this issue with the timeout on the Android phone or Mac, so it seems to suggest something on the Windows side. The PIN requirement is related to the user verification part of WebAuthn IIRC and depends on the website if it requires it or not.

@burtek try to play with the key at https://webauthn.me/debugger

burtek commented 2 years ago

@skundrik thanks for that link

Rebooted my PC and got all keys working via USB on most sites/apps apart from OVH and Zoho (both seem to have internal issues tho), Dropbox (can't get past "can't read security key"/"are you there" messages as described above), NextCloud, Microsoft and Discourse forums (all of those just fail to save the key).

On Android 12 via NFC none of the keys seem to work though. When tested on the website linked above, all yield NotReadableError: An unknown error occurred while talking to the credential manager.

nickray commented 2 years ago

Finally making some progress on this. Underlying issue is that the current firmware uses way too much stack memory and hard faults in some situations (namely, USB interrupt during FIDO processing). With current firmware, when this happens, the only approach is replugging the device (so it gets out of hard fault) and try again "fast enough". But the next firmware release should fix this properly.

burtek commented 2 years ago

Finally some good news! Is there any ETA for the next firmware? This is kind of a big thing so hopefully we can expect one sooner than later?

jasperweiss commented 2 years ago

Is there a fix for this yet?

cpainchaud commented 2 years ago

I am looking for a fix too!

alexjmoore commented 2 years ago

Also seeing this issue.

pbl987 commented 2 years ago

Me too.

burtek commented 2 years ago

Honestly, at this stage I'm starting to think about ditching Solo and getting Yubi. The keys are almost unusable for me...

jasperweiss commented 2 years ago

There's been absolutely no activity on this repository since March, @conorpp?

ElectronicWar commented 2 years ago

The currently available firmware (via solo2-cli) is usable and allows U2F/WebAuthn to properly work on Windows (I use it multiple times a week). You may have to be a bit quick to touch your key, but that's about it. Make sure you're running version 20200101.9 and the key should at least be ready for everyday usage.

An updated firmware is being worked on that solves the timeout issue, but it's currently not stable enough to publish (breaks NFC). While I don't like the long delays with the firmware updates either, it's not horribly broken at least.

cpainchaud commented 2 years ago

> The currently available firmware (via solo2-cli) is usable and allows U2F/WebAuthn to properly work on Windows (I use it multiple times a week). You may have to be a bit quick to touch your key, but that's about it. Make sure you're running version 20200101.9 and the key should at least be ready for everyday usage.
>
> An updated firmware is being worked on that solves the timeout issue, but it's currently not stable enough to publish (breaks NFC). While I don't like the long delays with the firmware updates either, it's not horribly broken at least.

I tried everything: plug/replug/touch immediately, don't touch ... sometimes it won't even notice it is there. Outside of 2FA with GitHub and Google, my key works for nothing else.

burtek commented 2 years ago

> Honestly, at this stage I'm starting to think about ditching Solo and getting Yubi. The keys are almost unusable for me...

New firmware didn't really help with website support, though the key freezing/unresponsiveness issue seems to be fixed. I moved to Yubi at this stage, happy to give Solo another shot in future once the firmware is fixed.

pbl987 commented 2 years ago

Can I somehow list the key entries of the device? The sites where it is registered are not saved, if I recall correctly, but can I at least get the number of site entries? That would help to unregister it.

burtek commented 2 years ago

> The sites where it is registered are not saved, if I recall correctly

IMO they should be saved, that's how U2F works, isn't it? Unless I got something wrong.

EDIT: only if the keys are stored on the device, that is. If the keys are not stored (which is most cases), there is nothing on the device about it, so no count either.

pbl987 commented 2 years ago

I tried

solo2 app oath list

(which is empty)

Dennis1000 commented 2 years ago

The new firmware solved this one for me. I had to reset the security key in Windows 11 (was asked for a PIN, but never had set up one for this key) after the firmware update.