Yubico Forum
https://forum.yubico.com/

Login Facebook with NFC do not work
https://forum.yubico.com/viewtopic.php?f=33&t=2805
Page 1 of 1

Author:  MacGyver [ Fri Dec 15, 2017 3:27 am ]
Post subject:  Login Facebook with NFC do not work

Hi!

I try to login Facebook with mi Yubikey NEO trought NFC in my phone with Andorid and Chrome (in desktop view mode) but do not work. Chrome open a new tab and navigate to yubico site and show me this message "Authentication failed! Authentication was not successfull!" and I can't login on Facebook. How can I fix it?

Thanks a lot

A hug to all

Author:  ChrisHalos [ Fri Dec 15, 2017 7:02 am ]
Post subject:  Re: Login Facebook with NFC do not work

install Google Authenticator and try again

If that doesn't work, make sure your NEO is at least firmware 3.4.0 (any NEO purchased from mid-2015 on), and of course that the NEO is registered to your Facebook account.

Author:  MacGyver [ Fri Dec 15, 2017 7:11 am ]
Post subject:  Re: Login Facebook with NFC do not work

Hi,

Thanks for fast reply. The firmware version is 3.4.3 and the yubikey is registered in my Facebook account. Google Authenticator is installed in your last version but still don't work. What can i do?

Thanks a lot.

Author:  ChrisHalos [ Fri Dec 15, 2017 8:29 pm ]
Post subject:  Re: Login Facebook with NFC do not work

The only other thing I can tell you is to make sure you're logging in through Chrome. The Facebook app doesn't support U2F.

correction: Facebook only recognizes firmware 3.4.6 for mobile login (when transport hints were added to the U2F spec), so facebook essentially doesn't believe your key is capable of NFC. All I can suggest is to contact Facebook to request they don't restrict based on transport hints - https://www.yubico.com/support/knowledg ... k-android/

Author:  MacGyver [ Fri Dec 15, 2017 9:38 pm ]
Post subject:  Re: Login Facebook with NFC do not work

ChrisHalos wrote:
The only other thing I can tell you is to make sure you're logging in through Chrome. The Facebook app doesn't support U2F.

correction: Facebook only recognizes firmware 3.4.6 for mobile login (when transport hints were added to the U2F spec), so facebook essentially doesn't believe your key is capable of NFC. All I can suggest is to contact Facebook to request they don't restrict based on transport hints - https://www.yubico.com/support/knowledg ... k-android/


Hi,

Thanks for your reply. What is exactly should say to Facebook?

A hug.

Author:  ChrisHalos [ Sat Dec 16, 2017 12:48 am ]
Post subject:  Re: Login Facebook with NFC do not work

We implemented the transport hints starting in NEO firmware 3.4.6 (after the FIDO U2F v1.1 specification was released - before this, any device wouldn't implement this feature).
There are pros and cons to using transport hints on the service-side:

Pro:
* If the device was released after v1.1 of the spec was published (and the device vendor decided to implement this), the service can tell which transport protocols your device supports (USB, NFC, BLE). In this scenario, the service (Facebook in this case) knows the devices capabilities, and when attempting to log in from an Android device, the service knows if your device will work in that scenario. If the device doesn't support NFC, then Facebook won't ask for your U2F device - it'll ask for your backup method. It actually works great, for example, if you have a FIDO U2F Security Key or a YubiKey 4 (which don't support NFC) - it knows the device can't be used in that scenario and it falls back to the backup method.

Con:
* Transport hints, while it was added in v1.1 of the specification, it is not REQUIRED by the device manufacture. It is optional. So even now, a U2F device manufacturer doesn't have to include transport hints. Since Facebook uses transport hints to determine whether your device is capable of communicating over NFC, any device that doesn't implement this optional feature of the specification cannot be used over NFC.
*Any device manufactured before v1.1 of the specification was released obviously won't use transport hints, so it can't be used to log into a Facebook account over NFC.

In my opinion, the best way for the service to handle this is to:
(1) use transport hints to determine which communication protocol is supported by the device
(2) give users an option in their Security Key settings of their account to override this option, i.e. confirm that their device(s) supports NFC or BLE.

Author:  MacGyver [ Sat Dec 16, 2017 2:48 am ]
Post subject:  Re: Login Facebook with NFC do not work

ChrisHalos wrote:
We implemented the transport hints starting in NEO firmware 3.4.6 (after the FIDO U2F v1.1 specification was released - before this, any device wouldn't implement this feature).
There are pros and cons to using transport hints on the service-side:

Pro:
* If the device was released after v1.1 of the spec was published (and the device vendor decided to implement this), the service can tell which transport protocols your device supports (USB, NFC, BLE). In this scenario, the service (Facebook in this case) knows the devices capabilities, and when attempting to log in from an Android device, the service knows if your device will work in that scenario. If the device doesn't support NFC, then Facebook won't ask for your U2F device - it'll ask for your backup method. It actually works great, for example, if you have a FIDO U2F Security Key or a YubiKey 4 (which don't support NFC) - it knows the device can't be used in that scenario and it falls back to the backup method.

Con:
* Transport hints, while it was added in v1.1 of the specification, it is not REQUIRED by the device manufacture. It is optional. So even now, a U2F device manufacturer doesn't have to include transport hints. Since Facebook uses transport hints to determine whether your device is capable of communicating over NFC, any device that doesn't implement this optional feature of the specification cannot be used over NFC.
*Any device manufactured before v1.1 of the specification was released obviously won't use transport hints, so it can't be used to log into a Facebook account over NFC.

In my opinion, the best way for the service to handle this is to:
(1) use transport hints to determine which communication protocol is supported by the device
(2) give users an option in their Security Key settings of their account to override this option, i.e. confirm that their device(s) supports NFC or BLE.


I understand. The topic is that I spent 60 Dollars in a security key and I can't use it to login facebook over NFC. Talk with Facebook is impossible, only users forums is available, and upgrade Yubikey firm is impossible. Incredible.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/