2FA login on web sites does not work with Firefox (Linux)
2FA login on sites works with Chromium but NOT WITH Firefox (Linux)
Present setup:
Does NOT work:
firefox 102.7.0esr on debian 11.6 bullseye 5.10.162-1 (x86-64)
firefox 110.0 on Ubuntu MATE 22.04 LTS 5.15.0-58 (x86-64)
Works:
chromium 109.0.5414.119 on debian 11.6 bullseye 5.10.162-1 (x86-64)
I am able to register and authenticate with security devices Yubikey NEO (without FIDO2) and Yubikey 5 NFC (FIDO2 compliant) on several sites (e.g. pypi, google...) using Chrome or Chromium but now not with Firefox at all. It has not worked for at least the last few updates. Changing settings in about:config or plugging/unplugging keys, stopping every Firefox plugin etc. don't help. Neither does a fresh Firefox install without any super-security-settings.
Testing sites like Yubico's own or Okta's works fine using Chromium but not Firefox.
From what I can see this is not especially related to FIDO2 (Webauthn). pypi seems to use U2F which should work just fine with Firefox since way back.
I haven't tested Firefox for Windows but Chrome browser for Windows 10 works fine (which I tested first when Firefox didn't cut the mustard), I therefore expect it to work also on Chrome browser for Linux. Just to check if this was related to a debian bullseye package, I tested it on Ubuntu MATE too, which didn't do the trick. Haven't done any more testing than that on MATE.
This seems like a strictly firefox problem. What to do?
Yours, Kaare
All Replies (4)
It seems like the only working 2FA on Firefox with a USB token now is OTP
Kaare
Chosen Solution
If it wasn't a coincidence, one time in-and-out of firefox safe mode via the CLI
$ firefox -safe-mode
did the trick. Now suddenly 2FA login works like it should. Not sure if it's Webauthn CTAP1 or CTAP2. All extensions, plugins, profiles and settings active too.
Kaare
Yes that works. Except every time I want to use Fido2 (Yubikey) with Firefox I first need to open it in safe mode. Not really a solution but a (clumsy) workaround.
Andre
Did some further testing and got some interesting results. I have multiple profiles. When I just click on the Firefox icon and use the last used profile, Fido2 doesn't work.
When I click on the Firefox icon with "use the selected profile without asking at startup" disabled Fido2 doesn't work either.
When I open a terminal window and type "firefox -p" and then select a profile Fido2 works. Go figure...
Andre
Linux Mint 21.1, Firefox 110.1