09xxxxx
January 16, 2021, 11:00pm
#17
I am having the same problem as well. M1 Macbook Air. I installed the application, entered my master password, and then it says it cannot proceed with 2FA because my device is not supported.
No issues with any other logins. Logging into Gmail and Namecheap with Safari prompt me to touch my key as expected.
ghunter
March 3, 2021, 9:24am
#18
Is U2F for Android Coming??
tgreer
March 3, 2021, 2:01pm
#19
It’s on the roadmap for ~ Q1 this year
Davidz
March 3, 2021, 4:23pm
#20
Is that Q1 of the Calendar Year or Q1 of a Financial Year
1 Like
tgreer
March 3, 2021, 4:25pm
#21
4 Likes
The updated roadmap no longer specifically calls out this feature. Has it fallen off, or just no longer worth of being called out specifically?
tgreer
March 19, 2021, 3:14pm
#23
It’s still there
Looks like the most recent roadmap update only calls out the mobile apps. Are desktop apps covered by any of the roadmap items or is it no longer a planned feature?
tgreer
July 6, 2021, 1:08pm
#25
Windows desktop is already live with FIDO2, macOS is in progress
2 Likes
Great news!
Sorry to be “that guy”, how about Linux?
2 Likes
tgreer
August 27, 2021, 8:37pm
#27
Mobile is underway:
bitwarden:master ← bitwarden:feature-fido2webauthn
opened 08:25PM - 27 Aug 21 UTC
Support for FIDO2 WebAuthn in iOS & Android. Since iOS only supports FIDO2 via … Safari, the decision was made to ditch the native API in Android and use a single code path for both platforms (using `WebAuthenticator`; I'll push the native API work to a separate branch in case we ever want to revisit). This has the added benefit of not excluding our F-Droid users since the native API is part of Google Play Services, as well as being able to ship this ASAP without waiting for [these changes](https://github.com/passwordless-lib/fido2-net-lib/pull/237) to make it into production.
Additional changes: Reworked the method of showing the progress dialog/spinner during use of `WebAuthenticator` based on issues discovered while working on FIDO that I accidentally avoided while working on SSO. Brought these changes to captcha as well to smooth out the flow.
Also discovered the latest version of WebAuthenticator supports ephemeral webviews which has the additional side-effect of _not_ prompting to open the view on iOS, so I applied this to both WebAuthn & captcha to smooth out the experience (left in place for SSO because of our use of cookies across sessions).
Tested with a YubiKey 5C NFC & 5Ci, which covers NFC, USB-C, and Lightning.
Notes on NFC: This process is clumsy on Android due to the speed of the handoff to the default scan handler after the FIDO2 scan is complete, combined with the way the system treats impromptu scans. If you don't physically distance the key soon enough after the FIDO2 scan the default handler scans it again and opens a web browser showing a Yubico page. You can time it with the device vibrations to get a perfect scan - a successful WebAuthn scan will result in 2 distinct vibrations. If you feel a 3rd one, you waited too long. And if you only feel 1, you pulled away too soon and the scan will fail with an error. (For the record this happens with the native FIDO2 API as well). Technically iOS does this as well but they trigger a notification instead of opening a browser, so the user doesn't have to worry about their reflexes during login.
Edit: Forgot to mention some UI work is still needed for the mobile webauthn-connector:
@codemichael I’ll have to check on Linux timing, but overall Fido2 is a big priority for us
2 Likes
Hans_Mata
September 22, 2021, 8:41am
#28
I just downloaded from playstore and FIDO2 on Android does not appear to be working with my Yubikey NFC and 5c. Only OTP works, same as last year. After I disabled Yubikey OTP, the android app now says “Login Unavailable … none of the configured two-step providers are supported on this device.” Android app does not even attempt to read via NFC. It’s back to KeePass again.
1 Like
tgreer
September 22, 2021, 11:24am
#29
@Hans_Mata hang tight! We’re about to release FIDO2 support in the next app version later this week.
2 Likes
Ayitaka
September 22, 2021, 11:45pm
#30
Any (iOS) TestFlight available for this, by chance?
tgreer
September 22, 2021, 11:47pm
#31
It was just published in the App Store actually!
1 Like
Ayitaka
September 23, 2021, 12:23am
#32
Not yet available for self-hosted? /webauthn-mobile-connector, is live at Bitwarden Mobile WebAuthn Connector , but I am not seeing it in the nginx config on github nor on the latest released self-hosted version.
tgreer
September 23, 2021, 12:25am
#33
Ah! Not quite yet
The self hosted updates are normally delayed a few days as we monitor the release on our SaaS solution.
Hans_Mata
September 30, 2021, 1:12am
#36
Still not working with Yubikey 5c and Yubikey NFC, via NFC nor USB-C. With the 5c, I get two vibrations then it goes to Yubikey OTP site. If I disconnect immediately after one vibration, nothing happens.
With Yubikey NFC, nothing happens.
I guess it’s back to KeePass again.
@tgreer any news for this on MacOS. Would really like to get rid of Authy and only use my shiny new yubikey with webauthn.
tgreer
October 24, 2021, 12:05am
#38
Heh, I understand! I think we are still waiting on an Electron fix for this and another request with TouchID.
@hinton do you happen to know the issue with electron specifically?
?
- the 