Yubikey with website, Firefox plugin and Android app?

What do I need to do to be able to use my Yubico keys consistently for logging into the website, and for unlocking the Firefox plugin and for the Android app? Is it even possible? I’ve been using an authenticator app till now. Oh, and I mean the Firefox plugin on my laptop; I realise there are issues around security keys and NFC and Firefox on Android.

I added two keys to the Fido22-step settings but left the Authenticator app enabled.

  • The website asked for the Yubico keys to validate login.
  • The Firefox plugin asked for the Authenticator OTP
  • My mobile and my tablet (both Android) don’t ask for anything other than my master password (I realise I may have ticked a box somewhere at some point to get this pass on the android apps but I can’t remember where that was).

Then I disabled the Authenticator option.

  • The website asked for my security key.
  • The Firefox plugin refused to let me log in.
  • The android app on my mobile and tablet still don’t care.

For the moment, I’ve reactivated the Authenticator option. Since I rarely use the website, this makes the security keys mostly useless for Bitwarden at the moment.

Do I need to use the Yubico OTP option rather than the Fido2 option? Does the android app support 2FA at all?

I could mess around with more combinations but I thought I’d ask here before accidentally locking myself out.

Ah, a quick check of some recent threads show Fido2 isn’t supported on Android yet. So would choosing the Yubico OTP option allow consistent behaviour?

Initially, I was surprised that the Firefox plugin on my desktop doesn’t seem to use the Fido2 option, but then I recalled the architectural/security changes made to the Firefox APIs and realised this might be blocked to plugins.

Yubi’s work perfectly fine on Android with NFC of course. Don’t need OTP just not fido2. I use a Yubi with NFC (fido) and never have issues. Mostly I leave the vault locked but logged in. However I log out once and a while just to make sure everything is working fine, which it is.

U2F works fine on Firefox too. I use a Yubi neo 100% with Firefox on a linux Desktop and its perfect!

I have the Yubikey 5 NFC. It works fine logging into my vault on the website (from my laptop) via NFC and now I’ve added the Yubikey OTP option I can log into via the Firefox plugin with my keys.

Don’t know what you mean by that. On the website, the Yubikey option is OTP.

And now that’s enabled, my mobile is also using the keys. So for the moment the answer seems to be to enable both Yubikey OTP and Fido2 - more or less consistent behaviour in most situations and better security where available.