FIDO U2F keys are being phased out in 2025 - make sure to replace those in time

Not exactly some… I don’t remember the exact date, but all (then-new) Yubikeys beginning like around 2018 (?!) will not get phased out as they support the “newer” FIDO2-protocol…

@edelstone is saying two different things. The response from @Nail1684 applies to the Yubico Authenticator app. However, Yubico OTP is something completely different, which does not involve any authenticator app. I don’t know whether it’s a given that Yubico OTP will continue to be supported by Bitwarden for older (U2F-only) keys.

@anon10321843 @grb Up to now I was under the impression that the thing (of the phase-out) was using U2F as the protocol - and not U2F keys serving other purposes.

Also, on the Yubico OTP help site (Two-step Login via YubiKey | Bitwarden Help Center) and in the web vault, YubiKeys 4 are still listed for Yubico OTP. I would think they would have removed the YubiKey 4 by now if it wouldn’t work by next year?!

This screenshot is so new, it is still a bit hot:

But, only speculation. Maybe @Micah_Edelblut can clarify? :wave:

1 Like

You are most likely right, but it would be best to get official clarification.

That’s why I (also) addressed Micah :wink:

No planned changes for Yubico OTP two-step login.

3 Likes

@Micah_Edelblut Since you’re here, can you confirm (even if just by adding a reaction emoji to the relevant comments) that you have read the two earlier comments by @kpiris (here and here) describing test results proving that the presence or absence of a “Migrated from FIDO” marker is not a reliable indicator that a key will stop working?

1 Like

I am trying to gather more information on exactly those questions before responding.

2 Likes

Sorry for the delay, y’all. I’ve followed up with our subject matter experts here and now have more details around which keys, exactly, will no longer be supported following the changes Bitwarden has planned.

TL;DR the only keys that will stop being supported are those that show “migrated” in the WebAuthn settings.

More details:
Prior to 2021, U2F keys were registered with the U2F API. These are the keys that were “migrated” to WebAuthn as shown in the interface. U2F keys registered after 2021 are registered using the WebAuthn API. These do not show that they have been “migrated” and will continue to work following the changes Bitwarden has planned.

4 Likes

Thank you very much for that clarification.

According to this new information:

The note in the v2024.12.0 release notes is not clear at all and, IMO, this sentence leads to unnecessary confusion:

If you currently use a FIDO U2F key for two-step login, please make sure to update your two-step login settings to avoid account lockout.

And the first sentence on the tip in the Two-step Login via FIDO2 WebAuthn Passkey help page reading:

New U2F-only keys can not be added to an account.

is simply not true.

2 Likes

Thanks! Working to get these corrected.

3 Likes

Hi, I am a bit confused. I have a YubiKey 5C series. I would just like to know if these keys will be phased out through 2025. I do not understand what this means below:
It turns out, that only keys that are shown (in the “passkey”-2FA section of the web vault) as “Migrated from FIDO” are being phased out. But even those should work after re-registering them (and by that, they would be automatically registered with the newer WebAuthn protocol):
I just don’t understand this wording. This is a bit confusing.
Sorry for not understanding
Thanks

Take a look at the keys you have set up for 2FA.
Do any of them say “Migrated from FIDO” next to them?
If yes, you will want to remove these keys and create new ones using your yubikey 5c.
If no, you don’t need to do anything; your keys will continue to be supported.