[AdmiralAsshat]

I've got two Yubikeys already (a Neo, and an older barebones Yubikey that I got as a gift for getting an Ars Technica subscription), but so far Gmail is the only account of mine that is protected by it.

One repeated problem I've run into so far is that Firefox can read the Yubikey when it's inserted but it can't add the Yubikey as a new device yet. I have to pull up Chrome/Chromium to do so. After my most recent laptop reformat I vowed never to install Chromium again, even temporarily, so, out of luck until Mozilla gets that fixed, I suppose.

[tialaramex]

If I understand correctly the problem you're seeing it's not a Mozilla bug

Although Google's site says "Your current browser doesn't support adding security keys" what they mean is "We don't care about any browsers except Chrome, it works in Chrome, just get Chrome". They don't implement the actual standard, even though they helped write it, because after all it works in Chrome™ as it is.

On sites that are built by somebody who actually cares about more than one browser, Firefox works just fine.

[AdmiralAsshat]

I wouldn't doubt that, although I ran into the same problem trying to register my Yubikey on GitHub as well. Could well be another "Built to Chrome spec, not the standard spec," I suppose.

[tialaramex]

Ah, for sites using U2F rather than WebAuthn you may (depending on Firefox version) need to explicitly tell Firefox to emulate the old U2F APIs.

https://support.yubico.com/support/solutions/articles/150000...

https://blog.mozilla.org/security/2019/04/04/shipping-fido-u...

My GitHub has two Security Keys registered via Firefox this way.

[zxcvbn4038]

This is why you don’t do feature detection with the user agent header, but someone needs to tell that to the 800 lb gorilla. In this case though I’m not going to be too harsh because Mozilla wasn’t exactly tripping over themselves to implement U2F support - I think it took them 2-3 years, and I still can’t use a key with any of my IOS browsers (which I think are all just window dressing for apple’s html widget, so blame that on Apple).

Web site support that uses the feature on any browser has been slow also. Robinhood is the only financial app that I’ve found that even supports TOTP. My E-trade account still requires a hardware token with a little lcd screen on it - paging Captain Marvel.