I’ve registered two Yubikeys to my account and enabled Encryption for both of them, but when I try to use either of them to login to the browser extension or the Vault website, after entering my PIN and touching the Yubikey it shows a list of email addresses (I’ve registered my keys to my parents’ accounts too so it shows those) and when I select mine it says “Passkey authentication failed”.
I’m currently trying with Edge on Windows 11 but I had the same problem with Chrome on another PC.
Could you check in the web vault if those two YubiKeys are still listed in Settings → Security → Master Password → Log in with Passkey ? (including marked as “with encryption”)
Do the passkeys of your parents work?
Yes, it still shows both keys and “Used for encryption” next to each of them.
No, it doesn’t work when I select my parents’ passkeys either.
I think I have no good theory then about what might have happened.
when the web vault still shows the passkeys “with encryption”, and there was no change on the YubiKeys, then they (in theory) should still work
but when all your (only BW?) passkeys on your YubiKeys don’t work, it seems unlikely that all of them got corrupted at the same time – unless the YubiKey might got damaged?! (only speculating now…)
if you didn’t write “I’m currently trying with Edge on Windows 11”, I would have speculated one or more components wouldn’t be PRF-capable now…
So, besides setting those passkeys up anew and see if it works then… and/or trying it with a different / new YubiKey… I’m out of ideas.
(if you have the idea to reset the FIDO function of your YubiKey, just a reminder that that would delete all FIDO credentials on your YubiKey)
PS: You could try to delete the cache of your browser and/or deinstall/reinstall the browser extension… but as you already tried it on different BW “apps”, I somehow doubt that will change anything for you. 
BTW, did “Log in with passkey” – with those passkeys you created – ever work before? – If you never tested it / it never worked before, it might be worth to look through the exact steps you took when you created those passkeys.
This is probably not likely to lead to a solution, but worth checking, regardless: How old is your Yubikey, and what is its firmware version?
It’s a Yubikey 5 NFC with firmware 5.2.4
This is the first time I’ve tried using this feature. I’ll try deleting the passkey from the Yubikey and in BW and create it again.
Aha… Yeah, then for now I think most likely something went wrong when you created them. – When Windows Security/Hello pops up, be sure to always click “other” or “Security Key” (and definitely not “PIN”, because that would be the Windows Hello PIN!).
Of course, when you choose “Security Key”, eventually you will also get asked for the FIDO PIN of the YubiKey – that is expected.
(if you don’t succeed, I might create screenshots of how to do it, as I’m also on Windows 11…)
I’m sure I did it the right way before. If I hadn’t it wouldn’t have created the passkey on my Yubikeys.
Anyway, after deleting my passkey in Yubico Authenticator and in the Vault and recreating them, it’s working with my account with both of my Yubikeys now. I’ll do the same with my parents’ accounts.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.