U2F keys in Firefox

aliencam · ‎12-27-2017

When will duo support u2f keys in Firefox? A yubikey has worked in firefox for months using an add-on, and with firefox 57 released a few weeks ago the u2f support is native; it works with many 2fa systems but not yet with duo.

the current message is:
“Your browser does not support U2F token authentication.
Please use a U2F compatible browser.”

i have heard of people using a user-agent switcher to spoof chrome, then supposedly duo will work with u2f keys, but i have not tested this and prefer not to use this regularly.

thanks!

DuoKristina · ‎01-02-2018

We are aware of Firefox’s native U2F support and plan to support it for authentication (but I can’t give you a specific date).

Duo, not DUO.

aliencam · ‎01-03-2018

Great, thanks! good to hear it’s on the horizon.

blueboy · ‎01-18-2018

Yes, my university rolled out Duo, and I’m anxiously awaiting the ability to use Firefox with my yubikey U2F device

rwl1 · ‎03-26-2018

Me too. I’m glad to hear that Firefox support is coming!

Dooley · ‎03-27-2018

Quick update here, as I know this is a popular feature request:

Firefox has a different implementation of U2F compared to Chrome with a newer protocol, and we are working on a project to implement support for that protocol universally across Chrome and Firefox. There is still not a guaranteed release date for Firefox U2F support, but we are looking at an ETA of mid-to-late 2018.

colohost · ‎01-16-2019

Can you elaborate on this difference? So far websites I’ve accessed that implement FIDO2 have worked with the same Yubi 5 in Chrome and Firefox.

ps_jf · ‎07-25-2018

@DuoKristina @Dooley Any updates on this feature? Is there a way we can track its development?

FWIW, the issue is also tracked on Bugzilla here: https://bugzilla.mozilla.org/show_bug.cgi?id=1340738

Thanks!

DuoKristina · ‎07-26-2018

Security key support in Firefox is on our active roadmap, with more info to come before the end of the year.

Contact your Duo account executive or customer success manager for more information, or you may contact Duo Support and request to be added to the existing feature request (so you’ll be notified of status change).

Duo, not DUO.

kgbvax · ‎08-13-2018

How do i find my “customer success manager”?

DuoKristina · ‎08-14-2018

An assigned customer success manager is part of our Duo Care offering. If you had Duo Care and a CSM, you’d know.

I don’t know what organization you or most Community posters are with, so I mention the three usual contact points a Duo customer has with us in my replies. If you don’t have a CSM or AE, contact Duo Support.

Duo, not DUO.

blueboy · ‎09-12-2018

Can’t wait to start using U2F in Firefox with duo, hoping this is still on track for a “mid-to-late 2018” release

wel2138 · ‎01-17-2019

I’d just like to pile on to the queue of people clamoring for this feature. I’m a privacy-conscious Firefox user, and now that my university has mandated that we use Duo 2FA for logging in to our learning management system, I find it very frustrating to have to open Google Chrome from a disk image to log in.

As other people have said, I can use my YubiKey in Firefox just fine with other websites that implement U2F, so it’s pretty baffling to me that Duo still doesn’t support it.

Even worse, Duo used to work in Firefox if I set my User-Agent to Chrome on Windows, but something happened in the past 6 months to break that workaround too. The Firefox developers seem to think this problem stems from you guys trying to set a global variable that is read-only in Firefox’s API, but read-write in Chrome’s. I’m sure many Firefox users would appreciate it if you could perform that feature test in a different way, so that we all could continue using our browser of choice.

wel2138 · ‎01-31-2019

Is Duo just planning to wait on this until the W3C’s WebAuthn spec is implemented in all of the (commercially relevant) browsers?

wz2b · ‎03-07-2019

That just happened, so hopefully soon. Duo also doesn’t work with chrome on android. From what I can tell it really looks like the problem is with duo’s checks for browser type being too strict. For android, if you have something like a Yubikey 5 NFC, it really should work with android too. Hopefully soon.