Major problem with 2FA and Yubikey

moonpup
moonpup
Community Member

Don't ask why... but I deleted my previous account after making a pux file backup and created a new account.

After creating my new account and signing back in, I added my two Yubikeys as my 2FA method.

Now, here's where the problem is... I then downloaded 1Password 8 for MacOS and the Firefox plugin. I went through the install process and as expected, I have to login via the desktop app. So I imported my new recovery PDF file and typed in my password. After clicking login, it prompts for my Yubikey (see screenshot) my Yubikey lights up, so I tap the key and nothing happens. I wait a bit and then tap it again... no joy. I can't login to activate the desktop app or browser plugin.

I can still login via the web vault, but not the desktop app or browser plugin. As a test, I removed my Yubikeys via the web vault and I can now login via both the desktop app and plugin. What is going here? Why are my Yubikeys no longer working?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • moonpup
    moonpup
    Community Member

    As a quick update, after getting the desktop app and browser plugin logged backed in, I re-added my Yubikeys and I get the prompt to save them as a passkey (which I don't want) but this time, it shows both my old and new account to select from... ugh!

    So I select my new account to use Yubikey by clicking the key icon in the upper right, and when it asks me to tap the key... nothing happens... something is cached on my Mac that is breaking this.

  • Hello @moonpup! 👋

    I'm sorry that you're running into issues with authentication when adding your new account to the 1Password for Mac app. The old account suggestion that you're seeing in the 1Password app on your Mac is being shown because the 1Password app has found that 1Password account in your iCloud Keychain. In order to make it easier to sign into your 1Password account on your Apple devices 1Password will store an encrypted copy of the equivalent of your Emergency Kit in the iCloud Keychain.

    If you have an account being found in the details stored in iCloud, and you no longer want that account to show in the list of found accounts, you can remove the data from iCloud keychain using these steps:

    1. On the Mac, launch the "Keychain Access" utility that comes with macOS. If you see a prompt asking you to manage your passwords in System Settings, click “Open Keychain Access”.
    2. In the search box in the upper-right corner of the app, search for "com.agilebits.onepassword.b5" (without the quote marks)
    3. Each search result you see is one account's details that are stored in iCloud Keychain
    4. Double-click on the entry you want to examine
    5. Tick the "Show password" box at the bottom of the Attributes tab, and enter your macOS user password when prompted
    6. The contents of the box will show the stored account details - you can click into the box and use the up and down keys on your keyboard to see all of the details
    7. When you have identified the entry that relates to the specific membership you no longer want to have recorded in iCloud Keychain, delete that one com.agilebits.onepassword.b5Credentials entry

    So I select my new account to use Yubikey by clicking the key icon in the upper right, and when it asks me to tap the key

    This definitely isn't right and we do have a known issue where security keys registered using Firefox can fail to work with the desktop app. Our developers are investigating. If you used Firefox to register the security keys then can you remove them from your 1Password account and try to use a different browser like Safari or Chrome to register the keys?

    Let me know if they work once you've done that.

    -Dave

    ref: dev/core/core#27958

  • moonpup
    moonpup
    Community Member

    Hi again @Dave_1P !

    Nice to hear from you!

    OK, so I completely uninstalled everything, including the Keychain entry and re-installed. This time around I used Safari to login and setup the Yubikeys. This time it worked! So, I de-authorized the Desktop app signed back in. This time when it prompted for the Yubikey, it worked. Fantastic!!! Thanks again!

  • Dave_1P
    edited March 8

    @moonpup

    Nice to hear from you again as well! I'm happy that registering the security keys using Safari worked, hopefully the issue that occurs when registering security keys using Firefox will be resolved soon. I've let the team know that you were affected by the bug.

    -Dave

    ref: dev/core/core#27958

This discussion has been closed.