I received my Nitrokey 3C NFC and currently add the security key to my accounts. I’m using Firefox 94.0 on Ubuntu 21.10.
I could add the key to all sites (e.g., Cloudflare, Github, Gitlab, etc.) as expected, only Google 2FA does not want to cooperate.
When I click on “ADD SECURITY KEY” in “2-Step Verification”, I’m asked to insert the key and then tap it (this is when the green lamp turns green/orange(?)), and after the tap I only get “Something went wrong. Try again.”
If I try to add the key on my Android phone in the same dialog using NFC, I get the same error message.
I also used https://webauthn.bin.coffee/ to check whether everything is working, and it indeed works: Create Credential and Get Assertion gives me all green.
I have not even managed to set up 2fa with nitrokey and youtube. I can’t get a code even manually from them it seems like??? Their policies might suck big time…
Can’t they even share a 2fa key? I think their goal is to get peoples phone numbers so they want “2fa” with phone numbers. The most lame security ever!
Useryoutube1984
Google and MS should work with the latest update NK3 firmware update. Please watch out, as the current FIDO registrations will probably stop working. See below for more information:
I am still unable to enroll my key to google after the 1.0.1 update, I just get “Something went wrong. Try again” like before. MS works though, as does systemd-cryptenroll which did not work prior to the update.
Can you tell which browser do you use, or check different browser?
I remember I was testing Google with Chromium. Firefox might not be supported with Google at all.
Upgraded firmware to v1.0.1. All FIDO registrations stopped working. Registering the key on Google with Chromium 97.0.4692.99 and Firefox 96.0 still does not work (tried with and without Google Advanced Protection Program logins).
Difference between FF and Chromium is that
Firefox immediately errs out with “Something went wrong. Try again”, while
Chromium first shows “Insert your security key and touch it”, then I have to touch the NK3 multiple times until a new box shows up with “Allow this site to see your security key?” and then I click on “Allow”.
Result is the same: “Something went wrong. Try again”.
@teakay
It works on my side on Linux, though I have not replayed your case ideally (details in the ticket). Looking further. @egraven
I plan to follow later with Firefox tests.
Edit: Firefox 95 on Linux works for me for registering and logging in. Will check further.
Can you both remind me please, which OS are you using? If it is Windows, please provide build number / release name as well.
@teakay I have looked into that yesterday, and it seems the cause is somewhere else. Another firmware update will be required, but reset operation should not.
For the future, these are the docs for the reset operation, which recreates all the keys on the device, thus losing all registration info:
Google are terrible. They could just gave me the base32 key or what it’s called. That is real 2fa. Then i could set it up on any nitrokey! They don’t even offer that key anymore right? They used to in a video i watched. I have not been able to set up 2fa on youtube with nitrokey pro 2 even… should be easy! They made that hard.
Adding a new key for Microsoft accounts (office.com etc.) does not work in firmware 1.0.3
I managed to add some keys with firmware 1.0.1 and I still can login, but adding a new key based on firmware 1.0.3 is not possible.
