How to use YubiKey as 2FA with discourse in Firefox

support
#1

Seemingly simple task of adding a Yubikey for 2FA, but I’m failing to do so and I’m heavily confused by all this new stuff.

  • How do I need to configure my Yubikey?
    • OTP?
      • Yubico OTP?
      • Challenge Response?
      • Static Password?
      • OATH-HOTP? → tried that with Firefox, got back The attestation format is not supported by the server.
    • FIDO2?
  • Which browser do I need to use?
    • Firefox?
    • Chrome?
    • Some other browser?
1 Like
#2

Hmm, you shouldn’t need to configure anything. Try the following:

  1. Plug your Yubikey into your USB port
  2. Navigate to /my/preferences/second-factor on your site
  3. Select the Add Security Key button
  4. Give the key a name if you wish and select the Register button
  5. “Touch” your Yubikey

It should work on Safari, Firefox, and Chrome. It should also work on mobile if you have a compatible device and a Yubikey with NFC.

2 Likes
#3

Got it to work with Chrome and OATH-HOTP.
Didn’t try further on Firefox.

Hmmm… interesting.
I need a spare key anyways, so I will try again, also with FF.

1 Like
#4

Tried today to enable 2FA for meta.discourse.org via FF 84.0.2 as already described above. Same error message.

Tried the same on Chrome 88.0.4324.96 → instant success.

Googling for The attestation format is not supported by the server. results in 4 findings, all related to the discourse source code. Seems like nobody else had this problem yet… :frowning:

Interesting: When in FF in Private Mode, 2FA login works.

Edit:
Tried again a dozen times, disabled FF addons and scriptblocker, tried private mode browsing as described above, and 2FA is working in FF.

Strange thing is: After re-enabling FF addons and scriptblocker, 2FA is still working.

Anyways, it is working, I’m happy, case closed :slight_smile:

3 Likes
#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.