Xander
@xander.fyi
Beep boop
Also, the only ways to reset the keys are with Google Chrome (which is terrible) or in Windows (which, depending on who you ask, is also fairly terrible).
December 12, 2025 at 1:07 AM
Oh, cool, so if you set a PIN on the key then Google forces you to enter that PIN to enroll any more stuff onto it even if you're trying to enrol for U2F (in Firefox, where it otherwise lets you). And you can't remove a PIN once set, just change it or completely reset the key.
December 12, 2025 at 1:06 AM
Enrolling on mobile Brave over NFC, which only works if you have Brave's own autofill service switched on, lets me use that key to log in on Brave with either NFC on the same Brave setup or USB on desktop over USB... but not over USB on Brave. For that, a whole separate key needs enrolled over USB!
December 12, 2025 at 1:01 AM
I'm trying very hard to see a use case for physical security keys that doesn't seem less secure than a password alongside a TOTP authenticator code generator. I am struggling to identify one other than for individuals who are more likely to be vulnerable to phishing.
December 12, 2025 at 12:23 AM
And don't even get me started on NFC. Both on stock Android and GrapheneOS, it's a catastrophe: the implementation requires Google Play Services, which usually crashes, and almost never shows any errors to tell you anything is wrong, so sometimes the crashes are just inexplicably silent.
December 12, 2025 at 12:21 AM
Proton let me enrol a PINless key in U2F mode but when I try to use it on mobile it forces me to set a PIN (so, we're suddenly in FIDO2 again for no apparent reason). But both before and after setting a PIN, it works on desktop Firefox without ever asking for a PIN. WHAT THE FUCK IS GOING ON
December 12, 2025 at 12:19 AM
Bitwarden let me enrol in U2F mode on Firefox but when I tried to actually use it on any device/browser, it errored out.

Then I tried setting a PIN on the key beforehand, but that automatically enabled "log in with passkey" (when I just wanted 2FA).

Enrolling in Safari worked (unlike Google). 🫩
December 12, 2025 at 12:17 AM
I can seemingly enrol a physical security key on a Google account in FIDO U2F mode only in certain browsers e.g. Firefox. If I try to enrol in Chrome, for example, it forces me to enter a PIN, indicating FIDO2 mode, even though I have "bypass password when possible" switched off.
December 12, 2025 at 12:15 AM
Switched to Safari. Works there. Hahah fucking hell.
March 14, 2024 at 9:34 PM
I saw that image corruption in the preview window and figured, "How appropriate, BlueSky is broken too, ha ha".

Posted anyway, and it's actually like that in the final post, not just the preview. Incredible.
March 14, 2024 at 9:32 PM