Hacker News new | past | comments | ask | show | jobs | submit login

> That said I switched to firefox and this (and lack of U2F 2nd factor auth) is the only pain point so far

You should be able to flip "security.webauth.u2f" depending on your release channel. If not available yet, I think it will be soon in any case.




I wouldn't do that right now.

It's available, and it works for some sites (Github), but not Duo or Google or most sites.

The reason behind this isn't Firefox's fault, Google has a js u2f library that they've written that relies on implementation specific details. It's not easy for Firefox to switch over to that particular unspecced behavior, nor should it, really, so you need to wait for Google to fix it and consumers to pull it in.

Usually the effect of this is that yubikey login doesn't work on some sites, however a couple weeks ago it went to the level that GMail login didn't work at all; it would log you in and show the progress bar and get stuck there (without even throwing up a JS error)


None of the sites where I've been using U2F works.

Some/many sites are sniffing the user agent.

And as far as I have googled, there may be a bug in Mozilla's implementation (or maybe a different interpretation of the standard) that they are currently fixing.


It's not a bug in Mozilla's implementation.

Google has a JS u2f library that relies on an implementation specific detail of Chrome's U2F impl. Lots of folks use this library.


Hm, that's not good. Is that implementation detail something Mozilla might replicate?


Not easily IIRC. Google is aware of that bug so I think we're going to just wait.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: