by grandsham 3432 days ago
I am slightly disappointed that this doesn't work in Firefox, despite the fact that I have an add-on[1] installed to add U2F support. GitHub, for instance, is able to detect U2F support and let me use it.

That said, I understand the lack of support since I am an extremely small niche, and this did prompt me to finally add 2FA to Facebook (U2F and code generation from my Yubikey Neo).

[1] https://addons.mozilla.org/en-US/firefox/addon/u2f-support-a...

4 comments

I don't understand how it has taken them so long to add it natively... they just shipped FLAC audio support but still don't care about U2F?
Barring unforeseen complications, U2F support should land in stable Firefox this year.

The tree of bugs to follow is rooted at https://bugzilla.mozilla.org/show_bug.cgi?id=1065729

FLAC audio support is simpler, it's just adding a self-contained FLAC decoding library, and wiring it to the already-existing audio code.

For U2F, they have to write code to interact with the operating system USB API (for each operating system), plus the main U2F code, plus a JavaScript API, all while taking care to not cause any new privacy leaks or worse.

If you want to follow, the main bugzilla item seems to be this one: https://bugzilla.mozilla.org/showdependencytree.cgi?id=10657...

The USB part is the simplest part. U2F uses USB HID for messaging. That's probably less complicated than using the D-Bus interface. And anyhow there's probably already an open source library for U2F USB HID clients. Mozilla will probably use whatever Chrome is using.

The real complexity is in exposing the interfaces through JavaScript and orchestrating all the GUI components. In fact, U2F doesn't even require a hardware token. It was designed so browsers could implement everything in software to hasten adoption.

holy crap.

   Reported:	2014-09-10 16:07 PDT by Axel Nennker
   Modified:	2017-01-26 08:24 PST (History)
   CC List:	419 users (show)
Yeah, Google implemented it in Chrome in 2014...I guess it's just not a high priority for Mozilla right now.
Facebook engineers responded to this in the U2F issue on the Firefox issue tracker. It turns out that, for this particular technology, determining whether or not your browser supports U2F is not yet feasible, so they resort to user agent sniffing. You can use Firefox with the third-party plugin if you spoof the user agent to Chrome.
The comment said they could detect it but they are doing user agent sniffing because it's how their code already worked.

"Doing feature-detection of a U2F API instead of User Agent sniffing would have required additional engineering effort due to how our system already works" (https://bugzilla.mozilla.org/show_bug.cgi?id=1065729#c264)

I just implemented U2F, and it's a bit of a pain to detect that the plugin is there. You have to load the real u2f js, then check if functions on the u2f object that are normally there aren't anymore, since the Firefox plugin strips all of them off but 2. Doable, but a pain.
Firefox will be supported after they land support in release builds.
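
The feature-detection versus user-agent-sniffing trade-off discussed in this thread, as an added example that is not part of any comment above and is not Facebook's or Mozilla's code. The function names, the user-agent strings and the four environments are constructed for illustration, and it is an assumption that the two functions a usable `u2f` object exposes are `register` and `sign`.

```javascript
// Feature detection: inspect the page environment, not the User-Agent header.
// Assumption: a usable U2F implementation exposes u2f.register and u2f.sign.
function hasU2fApi(win) {
  const u2f = win && win.u2f;
  return !!u2f && typeof u2f.register === 'function' && typeof u2f.sign === 'function';
}

// User-agent sniffing: any UA string that claims Chrome is treated as U2F-capable.
function sniffU2f(userAgent) {
  return /\bChrome\/\d+/.test(userAgent);
}

const noop = () => {};
// Constructed UA strings, shaped like desktop Chrome and Firefox headers.
const CHROME_UA = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 ' +
  '(KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36';
const FIREFOX_UA = 'Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0';

// Constructed window-like objects standing in for real browsers.
const ENVIRONMENTS = [
  { name: 'Chrome, U2F available',
    win: { navigator: { userAgent: CHROME_UA }, u2f: { register: noop, sign: noop } } },
  { name: 'Firefox with U2F add-on',
    win: { navigator: { userAgent: FIREFOX_UA }, u2f: { register: noop, sign: noop } } },
  { name: 'Firefox, no add-on',
    win: { navigator: { userAgent: FIREFOX_UA } } },
  { name: 'Firefox, no add-on, UA spoofed to Chrome',
    win: { navigator: { userAgent: CHROME_UA } } },
];

// Run both strategies over each environment and report where they disagree.
function compare(envs) {
  return envs.map(({ name, win }) => {
    const detected = hasU2fApi(win);
    const sniffed = sniffU2f(win.navigator.userAgent);
    let verdict = 'agree';
    if (detected && !sniffed) verdict = 'sniffing hides a working second factor';
    if (!detected && sniffed) verdict = 'sniffing offers U2F that cannot work';
    return { name, detected, sniffed, verdict };
  });
}

console.table(compare(ENVIRONMENTS));
```

The two disagreeing rows are the cases from the thread: a capable Firefox that is never offered U2F, and a spoofed user agent that is offered it regardless of whether the API is present.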