Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:00 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 7 posts ] 
Author Message
PostPosted: Fri Dec 15, 2017 3:27 am 
Offline

Joined: Sun Dec 10, 2017 6:37 am
Posts: 5
Hi!

I try to login Facebook with mi Yubikey NEO trought NFC in my phone with Andorid and Chrome (in desktop view mode) but do not work. Chrome open a new tab and navigate to yubico site and show me this message "Authentication failed! Authentication was not successfull!" and I can't login on Facebook. How can I fix it?

Thanks a lot

A hug to all


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Fri Dec 15, 2017 7:02 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
install Google Authenticator and try again

If that doesn't work, make sure your NEO is at least firmware 3.4.0 (any NEO purchased from mid-2015 on), and of course that the NEO is registered to your Facebook account.


Top
 Profile  
Reply with quote  
PostPosted: Fri Dec 15, 2017 7:11 am 
Offline

Joined: Sun Dec 10, 2017 6:37 am
Posts: 5
Hi,

Thanks for fast reply. The firmware version is 3.4.3 and the yubikey is registered in my Facebook account. Google Authenticator is installed in your last version but still don't work. What can i do?

Thanks a lot.


Top
 Profile  
Reply with quote  
PostPosted: Fri Dec 15, 2017 8:29 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
The only other thing I can tell you is to make sure you're logging in through Chrome. The Facebook app doesn't support U2F.

correction: Facebook only recognizes firmware 3.4.6 for mobile login (when transport hints were added to the U2F spec), so facebook essentially doesn't believe your key is capable of NFC. All I can suggest is to contact Facebook to request they don't restrict based on transport hints - https://www.yubico.com/support/knowledg ... k-android/


Top
 Profile  
Reply with quote  
PostPosted: Fri Dec 15, 2017 9:38 pm 
Offline

Joined: Sun Dec 10, 2017 6:37 am
Posts: 5
ChrisHalos wrote:
The only other thing I can tell you is to make sure you're logging in through Chrome. The Facebook app doesn't support U2F.

correction: Facebook only recognizes firmware 3.4.6 for mobile login (when transport hints were added to the U2F spec), so facebook essentially doesn't believe your key is capable of NFC. All I can suggest is to contact Facebook to request they don't restrict based on transport hints - https://www.yubico.com/support/knowledg ... k-android/


Hi,

Thanks for your reply. What is exactly should say to Facebook?

A hug.


Top
 Profile  
Reply with quote  
PostPosted: Sat Dec 16, 2017 12:48 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
We implemented the transport hints starting in NEO firmware 3.4.6 (after the FIDO U2F v1.1 specification was released - before this, any device wouldn't implement this feature).
There are pros and cons to using transport hints on the service-side:

Pro:
* If the device was released after v1.1 of the spec was published (and the device vendor decided to implement this), the service can tell which transport protocols your device supports (USB, NFC, BLE). In this scenario, the service (Facebook in this case) knows the devices capabilities, and when attempting to log in from an Android device, the service knows if your device will work in that scenario. If the device doesn't support NFC, then Facebook won't ask for your U2F device - it'll ask for your backup method. It actually works great, for example, if you have a FIDO U2F Security Key or a YubiKey 4 (which don't support NFC) - it knows the device can't be used in that scenario and it falls back to the backup method.

Con:
* Transport hints, while it was added in v1.1 of the specification, it is not REQUIRED by the device manufacture. It is optional. So even now, a U2F device manufacturer doesn't have to include transport hints. Since Facebook uses transport hints to determine whether your device is capable of communicating over NFC, any device that doesn't implement this optional feature of the specification cannot be used over NFC.
*Any device manufactured before v1.1 of the specification was released obviously won't use transport hints, so it can't be used to log into a Facebook account over NFC.

In my opinion, the best way for the service to handle this is to:
(1) use transport hints to determine which communication protocol is supported by the device
(2) give users an option in their Security Key settings of their account to override this option, i.e. confirm that their device(s) supports NFC or BLE.


Top
 Profile  
Reply with quote  
PostPosted: Sat Dec 16, 2017 2:48 am 
Offline

Joined: Sun Dec 10, 2017 6:37 am
Posts: 5
ChrisHalos wrote:
We implemented the transport hints starting in NEO firmware 3.4.6 (after the FIDO U2F v1.1 specification was released - before this, any device wouldn't implement this feature).
There are pros and cons to using transport hints on the service-side:

Pro:
* If the device was released after v1.1 of the spec was published (and the device vendor decided to implement this), the service can tell which transport protocols your device supports (USB, NFC, BLE). In this scenario, the service (Facebook in this case) knows the devices capabilities, and when attempting to log in from an Android device, the service knows if your device will work in that scenario. If the device doesn't support NFC, then Facebook won't ask for your U2F device - it'll ask for your backup method. It actually works great, for example, if you have a FIDO U2F Security Key or a YubiKey 4 (which don't support NFC) - it knows the device can't be used in that scenario and it falls back to the backup method.

Con:
* Transport hints, while it was added in v1.1 of the specification, it is not REQUIRED by the device manufacture. It is optional. So even now, a U2F device manufacturer doesn't have to include transport hints. Since Facebook uses transport hints to determine whether your device is capable of communicating over NFC, any device that doesn't implement this optional feature of the specification cannot be used over NFC.
*Any device manufactured before v1.1 of the specification was released obviously won't use transport hints, so it can't be used to log into a Facebook account over NFC.

In my opinion, the best way for the service to handle this is to:
(1) use transport hints to determine which communication protocol is supported by the device
(2) give users an option in their Security Key settings of their account to override this option, i.e. confirm that their device(s) supports NFC or BLE.


I understand. The topic is that I spent 60 Dollars in a security key and I can't use it to login facebook over NFC. Talk with Facebook is impossible, only users forums is available, and upgrade Yubikey firm is impossible. Incredible.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group