[DigitalPoint] Security & Passkeys

[DigitalPoint] Security & Passkeys 1.1.3

digitalpoint

Well-known member
digitalpoint updated [DigitalPoint] Security & Passkeys with a new update entry:

Adds option to encourage users to have more than one strong two-step option

  • If a user has no Passkeys set up yet, the button to manage them is labeled 'Enable' rather than 'Manage'
  • Use a more specific selector when enabling/disabling the Submit button on the WebAuthn form
  • New option: Options -> User options -> Recommended strong two-step options (defaults to 2)
  • The user's two-step page will show a notice about not having enough strong two-step options if they have less than the number set under options (a reminder to users that they should have more...


digitalpoint

Well-known member
> They reduced it down now from the looks of it. I was only able to order 4 (2 USB and 2 USB C).
Still a great deal. Honestly, I was surprised they let people get 10 (myself included). I assume it was more to get people in the door to try them out and maybe order more later for employees. You don't need 10 to try them out. I already had them and my 10 "cheap" ones from the deal are still unopened.
 

MattW

Well-known member
> Still a great deal. Honestly, I was surprised they let people get 10 (myself included). I assume it was more to get people in the door to try them out and maybe order more later for employees. You don't need 10 to try them out. I already had them and my 10 "cheap" ones from the deal are still unopened.
Yep, 4 is still plenty. Was happy they came pretty quickly as well, as I wasn't expecting to get mine until the end of November.
 

Wildcat Media

Well-known member
Interesting change since I upgraded (can't remember which older version I was using):

1673894860190.png

Aren't these both the same thing? I used my phone as a security key.

Should I disable the Verification via security key option (which is working for me now), and try it again with the Passkeys option? I also noticed I don't see the PGP and Telegram options, but I haven't fully dug into settings yet to see if those need to be enabled somewhere else.
 

digitalpoint

Well-known member
Those are two different things. The "Verification via security key" is not from this addon (old version or latest). This addon has never supported FIDO U2F (that's more or less the old standard that FIDO2/WebAuthn has replaced). This add-on has always used FIDO2/WebAuthn (and never FIDO U2F). That has to be a different addon.
 

Wildcat Media

Well-known member
> Those are two different things. The "Verification via security key" is not from this addon (old version or latest). This addon has never supported FIDO U2F (that's more or less the old standard that FIDO2/WebAuthn has replaced). This add-on has always used FIDO2/WebAuthn (and never FIDO U2F). That has to be a different addon.
OK, that makes sense. That must be from the Dragonbytes Security add-on I have installed. (I like the add-on to a point, but it has a lot to configure and I don't really know that it's doing us any good anyways.)
 

puterfixer

Member
Not sure if this is plugin-related... Had it enabled and working for 2FA using my Winkeo-C FIDO2 key (French, cheaper than Yubikey or Google's), that I can use both on my desktop and on my Android smartphone. The 30-day "remember me" period elapsed, went through the forum authentication on my Android phone in Firefox, key plugged in, Android took me through the authentication steps, then got back to the login page which continued to state that I did not complete the 2FA. The dongle works with other apps and seems to be fine in other sites, but I'm not sure if this is caused by the plugin, by Firefox or what else. Anyone else experienced something similar?
 

digitalpoint

Well-known member
Are you 100% certain you used the key both times? Browsers have the ability to do FIDO2 at the operating system level on a per browser basis as well, so you normally need to choose what method. Have you tried all the different methods to check if somehow you accidentally picked the wrong one when setting it up?
 

puterfixer

Member
My phone at least has not given me a choice. Firefox triggered the Android overlay with the steps to insert the key and touch it, returning to the browser once complete, but somehow the page that triggered the OS event didn't get the result or something.

I've been scratching my head about it. I couldn't replicate the issue on Windows desktop + Firefox. Maybe it's a Firefox issue, which was upgraded since the last time I did the authentication this way? Maybe it's an Android issue, not asking for the PIN first - but then another FIDO2 test app also didn't ask for the PIN, and the key vendor doesn't have any management/test app.

That's why I've asked if anything similar was encountered before. I can't call it a bug when the issue may just be with my phone. I'll get the latest version of the plugin installed again and do some more testing. Weird.
 

digitalpoint

Well-known member
Ya, I’ve not run into it myself or heard of anyone else seeing something similar, but I also don’t know exactly the browser/operating system/key combo people are using. I guess let me know if it’s something you end up being able to replicate (although honestly not even sure what to look at at that point since FIDO2 is device/browser/key independent unless one of those things simply has a bug).
 

duderuud

Well-known member
Trying to set this up.

When trying to view or delete an existing key, I get the following error:
Code:
ErrorException: [E_WARNING] Undefined array key "credentialId" in src/addons/DigitalPoint/Security/XF/Pub/Controller/Account.php at line 207
[*]XF::handlePhpError() in src/addons/DigitalPoint/Security/XF/Pub/Controller/Account.php at line 207
[*]DigitalPoint\Security\XF\Pub\Controller\Account->actionTwoStepDisable() in src/XF/Mvc/Dispatcher.php at line 352
[*]XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 259
[*]XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 115
[*]XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 57
[*]XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2483
[*]XF\App->run() in src/XF.php at line 524
[*]XF::runApp() in index.php at line 20

Edit:
Same error when trying to add a new passkey. Tried to remove and install the add-on but that doesn't fix it.
 