Hacker News new | ask | show | jobs
by drdaeman 2740 days ago
"Yubikey support" is a meaningless phrase, anyway.

Bitwarden supports 2FA with Yubico OTP - although there's a bug so it works only for QWERTY layouts. Or you can use Yubikey's static password feature for your master password, I guess.

There's also OpenPGP Card and PIV, which, to my knowledge, is not used/supported by any password manager software except for `pass` and some compatible implementations.
1 comments
dmoy 2740 days ago
No u2f support? :(
link
village-idiot 2740 days ago
U2f support is badly hampered by half-assed browser support. Only chrome enables it by default, Firefox disables it by default, and no love from safari. Even LastPass in the browser uses yubico’s proprietary otp algorithm rather than u2f.
link
microtonal 2740 days ago
It seems that Apple is working to add support for hardware tokens. It is all a bit vague, but the latest Safari Preview notes state [1]:

Added support for CTAP HID authenticators on macOS

It also gives me "Web Authentication" under "Experimental features" in the Develop menu.

https://developer.apple.com/safari/technology-preview/releas...

link
sebazzz 2740 days ago
Isn't that WebAuthn suppport? That is different from U2F.
link
tialaramex 2740 days ago
Yes and no. U2F is basically the MVP of WebAuthn. If you're doing this today you should ignore U2F and just implement WebAuthn.

Firefox has WebAuthn out of the box, and there's a hack behind a pref to half-arse U2F if you still need that.

link
StavrosK 2740 days ago
It doesn't, though. I've been trying to implement WebAuthn and, as far as I know, CTAP 2 doesn't work on any browser yet.
link
dbrgn 2739 days ago
U2F support in Firefox should work out of the box if the developers use the WebAuthn API and not the old JS library: https://hacks.mozilla.org/2018/01/using-hardware-token-based...
link
village-idiot 2739 days ago
That was not my experience on google and github.
link
jik 2739 days ago
Google and Github both built their U2F support for Firefox before WebAuthn was released, and as you've pointed out, the U2F support in Firefox is gated out by default. Presumably Google, Github, and other companies that coded to U2F will migrate to WebAuthn eventually.
link