Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Natao arisiva ity resaka mitohy ity. Mametraha fanontaniana azafady raha mila fanampiana.

2FA login on web sites does not work with Firefox (Linux)

  • 4 valiny
  • 3 manana an'ity olana ity
  • 1 view
  • Valiny farany nomen'i 71z1b7qb

more options

2FA login on sites works with Chromium but NOT WITH Firefox (Linux)

Present setup:

Does NOT work firefox 102.7.0esr on debian 11.6 bullseye 5.10.162-1 (x86-64) firefox 110.0 on Ubuntu MATE 22.04 LTS 5.15.0-58 (x86-64)

Works chromium 109.0.5414.119 on debian 11.6 bullseye 5.10.162-1 (x86-64)

I am able to register and authenticate with security devices Yubikey NEO (without FIDO2) and Yubikey 5 NFC (FIDO2 compliant) on several sites (eg. pypi, google..) using Chrome or Chromium but now not with Firefox at all. It has not worked for at least the last few updates. Changing settings in about:config or plugging/unplugging keys, stopping every Firefox plugin etc. don't help. Neither does a fresh Firefox install without any super-security-settings.

Testing sites like Yubico's own or Okta's works fine using Chromium but not Firefox.

From what I can see this is not especially related to FIDO2 (Webauthn). pypi seems to use U2F which should work just fine with Firefox since way back.

I haven't tested Firefox for Windows but Chrome browser for Windows 10 works fine (which I tested first when Firefox didn't cut the mustard), I therefore expect it to work also on Chrome browser for Linux. Just to check if this was related to a debian bullseye package, I tested it on Ubuntu MATE too, which didn't do the trick. Haven't done any more testing than that on MATE.

This seems like a strictly firefox problem. -What to do?

Yours, Kaare

2FA login on sites works with Chromium but NOT WITH Firefox (Linux) Present setup: Does NOT work firefox 102.7.0esr on debian 11.6 bullseye 5.10.162-1 (x86-64) firefox 110.0 on Ubuntu MATE 22.04 LTS 5.15.0-58 (x86-64) Works chromium 109.0.5414.119 on debian 11.6 bullseye 5.10.162-1 (x86-64) I am able to register and authenticate with security devices Yubikey NEO (without FIDO2) and Yubikey 5 NFC (FIDO2 compliant) on several sites (eg. pypi, google..) using Chrome or Chromium but now not with Firefox at all. It has not worked for at least the last few updates. Changing settings in about:config or plugging/unplugging keys, stopping every Firefox plugin etc. don't help. Neither does a fresh Firefox install without any super-security-settings. Testing sites like Yubico's own or Okta's works fine using Chromium but not Firefox. From what I can see this is not especially related to FIDO2 (Webauthn). pypi seems to use U2F which should work just fine with Firefox since way back. I haven't tested Firefox for Windows but Chrome browser for Windows 10 works fine (which I tested first when Firefox didn't cut the mustard), I therefore expect it to work also on Chrome browser for Linux. Just to check if this was related to a debian bullseye package, I tested it on Ubuntu MATE too, which didn't do the trick. Haven't done any more testing than that on MATE. This seems like a strictly firefox problem. -What to do? Yours, Kaare

Vahaolana nofidina

If it wasn't a coincidence, one time in-and-out of firefox safe mode via the CLI

$ firefox -safe-mode

did the trick. Now suddenly 2FA login work like it should. Not sure if it's Webauthn CTAP1 or CTAP2. All extensions, plugins, profiles and settings active too.

Kaare

Hamaky an'ity valiny ity @ sehatra 👍 1

All Replies (4)

more options

It seems like the only working 2FA on Firefox with a USB token now is OTP

Kaare

more options

Vahaolana Nofidina

If it wasn't a coincidence, one time in-and-out of firefox safe mode via the CLI

$ firefox -safe-mode

did the trick. Now suddenly 2FA login work like it should. Not sure if it's Webauthn CTAP1 or CTAP2. All extensions, plugins, profiles and settings active too.

Kaare

more options

Yes that works. Except every time I want to use Fido2 (Yubikey) with Firefox I first need to open it in safe mode. Not really a solution but a (clumsy) workaround.

Andre

more options

Did some further testing and got some interesting results. I have multiple profiles. When I just click on the Firefox icon and use the last used profile, Fido2 doesn't work.

When I click on the Firefox icon with "use the selected profile without asking at startup" disabled Fido2 doesn't work either.

When I open a terminal window and type "firefox -p" and then select a profile Fido2 works. Go figure...

Andre Linux Mint 21.1, Firefox 110.1