Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1476
Views
0
Helpful
3
Replies

[recommendation] duo passcode prompt should be case insensitive

jdknight
Level 1
Level 1

‎10-23-2020 01:02 PM

It would be nice if the Duo passcode verification (using a USB security key) would accept a key which is case-insensitive. I find on multiple occasions that if I have the Caps Lock key set and when interacting with a Yubikey device, it generates an invalid key string since the generate key has an inverse casing.

Labels:
0 Helpful
3 Replies 3

DuoKristina
Cisco Employee
Cisco Employee

‎10-26-2020 11:38 AM

That’s interesting! My Yubikey (a 4c Nano) doesn’t appear to change the case of the generated OTP code when I have caps lock on. I don’t doubt it has happened though, because I see we have a KB article for it.

What model Yubikey do you have? With which Duo applications do you experience this? I tried the browser-based Duo Prompt, and logging into the Admin Panel, both from Chrome on a Mac.

Duo, not DUO.
0 Helpful

jdknight
Level 1
Level 1

‎10-26-2020 12:18 PM

@DuoKristina, the key itself does not have any specific model number listed on it (just a serial number), but the following USB device information can be queried (if that helps):

idVendor                 : 0x1050 (Yubico AB)
idProduct                : 0x0401
bcdDevice                : 0x0433
iManufacturer            : 0x01 (String Descriptor 1)
 Language 0x0409         : "Yubico"
iProduct                 : 0x02 (String Descriptor 2)
 Language 0x0409         : "Yubikey 4 OTP"

I currently use this with a corporate authentication process using a web browser (Chrome), where an iframe is used to connect to what it appears to be a duosecurity.com API endpoint:

https://a​pi-<omitted>.duosecurity.com/frame/juniper/v2/auth?<omitted>
0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to jdknight

‎10-27-2020 02:47 PM

That endpoint looks like you’re using our Pulse Secure/Juniper VPN integration. I gave that a try (from Chrome) and it’s not entering the OTP in caps when I have caps lock on (I tried both from my USB keyboard and from my Mac Book keyboard with everything other than the Yubikey disconnected).

2X_5_504425cc14ab1bcfa72f2dff052851f47f052253.gif

Maybe that is something configurable on the Yubikey?

Anyway, make sure to contact your Duo account exec or Duo Care customer success manager to share your feature request for case insensitivity on Yubikey OTP input. If you don’t have either of those, Duo Support can also create the feature request for you.

Duo, not DUO.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents