I have a client that forced 2-factor authentication for staff. They have a staging site that restores backups from the production site.
My security key won’t work on the staging site, but Google Authenticator codes will.
I don’t know if this is a feature, a bug, or something about how security keys work.
Can you define what you mean when you say security keys “won’t work”? Do you get any errors? Can you add security keys in your second factor preferences successfully? Is the problem with using them on login?
Sorry. That wasn’t very helpful.
“Try a different security Key. You’re using a security key that’s not registered with this website”. I guess maybe that’s coming from Chrome and it remembered the hostname of the production server?
Thanks for that, makes perfect sense. Security keys as per the specification are tied to a single hostname as the “Relaying Party”, so keys defined in production will not work for staging.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.