[DigitalPoint] Security & Passkeys

[DigitalPoint] Security & Passkeys 1.1.8

No permission to download
Overview Updates (15) Reviews (6) History Discussion
digitalpoint updated [DigitalPoint] Security & Passkeys with a new update entry:

Adds option to encourage users to have more than one strong two-step option

  • If user has no Passkeys setup yet, the button to manage them is labeled 'Enable' rather than 'Manage'
  • Use a more specific selector when enabling/disabling the Submit button on the WebAuthn form
  • New option: Options -> User options -> Recommended strong two-step options (defaults to 2)
  • The user's two-step page will show a notice about not having enough strong two-step options if they have less than the number set under options (a reminder to users that they should have more...
Click to expand...

Read the rest of this update entry...
 
MattW said:
They reduced it down now from the looks of it. I was only able to order 4 (2 USB and 2 USB C).
Click to expand...
Still a great deal. Honestly, I was surprised they let people get 10 (myself included). I assume it was more to get people in the door to try them out and maybe order more later for employees. You don't need 10 to try them out. I already had them and my 10 "cheap" ones from the deal are still unopened.
 
digitalpoint said:
Still a great deal. Honestly, I was surprised they let people get 10 (myself included). I assume it was more to get people in the door to try them out and maybe order more later for employees. You don't need 10 to try them out. I already had them and my 10 "cheap" ones from the deal are still unopened.
Click to expand...
Yep, 4 is still plenty. Was happy them came pretty quickly as well, as I wasn't expecting to get mine until the end of November.
 
Interesting change since I upgraded (can't remember which older version I was using):

1673894860190.webp

Aren't these both the same thing? I used my phone as a security key.

Should I disable the Verification via security key option (which is working for me now), and try it again with the Passkeys option? I also noticed I don't see the PGP and Telegram options, but I haven't fully dug into settings yet to see if those need to be enabled somewhere else.
 
Those are two different things. The "Verification via security key" is not from this addon (old version or latest). This addon has never supported FIDO U2F (that's more or less the old standard that FIDO2/WebAuthn has replaced). This add-on has always used FIDO2/WebAuthn (and never FIDO U2F). That has to be a different addon.
 
digitalpoint said:
Those are two different things. The "Verification via security key" is not from this addon (old version or latest). This addon has never supported FIDO U2F (that's more or less the old standard that FIDO2/WebAuthn has replaced). This add-on has always used FIDO2/WebAuthn (and never FIDO U2F). That has to be a different addon.
Click to expand...
OK, that makes sense. That must be from the Dragonbytes Security add-on I have installed. (I like the add-on to a point, but it has a lot to configure and I don't really know that it's doing us any good anyways.)
 
Not sure if this is plugin-related... Had it enabled and working for 2FA using my Winkeo-C FIDO2 key (French, cheaper than Yubikey or Google's), that I can use both on my desktop and on my Android smartphone. The 30-day "remember me" period elapsed, went through the forum authentication on my Android phone in Firefox, key plugged in, Android took me through the authentication steps, then got back to the login page which continued to state that I did not complete the 2FA. The dongle works with other apps and seems to be fine in other sites, but I'm not sure if this is caused by the plugin, by Firefox or what else. Anyone else experienced something similar?
 
Are you 100% certain you used the key both times? Browsers have the ability to do FIDO2 at the operating system level on a per browser basis as well, so you normally need to choose what method. Have you tried all the different methods to check if somehow you accidentally picked the wrong one when setting it up?
 
My phone at least has not given me a choice. Firefox triggered the Android overlay with the steps to insert the key and touch it, returning to the browser once complete, but somehow the page that triggered the OS event didn't get the result or something.

I've been scratching my head about it. I couldn't replicate the issue on Windows desktop + Firefox. Maybe it's a Firefox issue, which was upgraded since the last time I did the authentication this way? Maybe it's an Android issue, not asking for the PIN first - but then another FIDO2 test app also didn't ask for the PIN, and the key vendor doesn't have any management/test app.

That's why I've asked if anything similar was encountered before. I can't call it a bug when the issue may just be with my phone. I'll get the latest version of the plugin installed again and do some more testing. Weird.
 
Ya, I’ve not run into it myself or heard of anyone else seeing something similar, but I also don’t know exactly the browser/operating system/key combo people are using. I guess let me know if it’s something you end up being able to replicate (although honestly not even sure what to look at that that point since FIDO2 is device/browser/key independent unless one of those things simply has a bug).
 
Trying to set this up.

When trying to view or delete an existing key, I get the following error:
Code: 
ErrorException: [E_WARNING] Undefined array key "credentialId" in src/addons/DigitalPoint/Security/XF/Pub/Controller/Account.php at line 207
[*]XF::handlePhpError() in src/addons/DigitalPoint/Security/XF/Pub/Controller/Account.php at line 207
[*]DigitalPoint\Security\XF\Pub\Controller\Account->actionTwoStepDisable() insrc/XF/Mvc/Dispatcher.php at line 352
[*]XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 259
[*]XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 115
[*]XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 57
[*]XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2483
[*]XF\App->run() in src/XF.php at line 524
[*]XF::runApp() in index.php at line 20

Edit:
Same error when trying to add a new passkey. Tried to remove and install the add-on but that doesn't fix it.
 
You must log in or register to reply here.

Similar threads

D
[DigitalPoint] Security & Passkeys - Polish translation
Replies
1
Views
451
dave3
D
N
[DigitalPoint] Security & Passkeys - FRENCH translation
Replies
4
Views
509
Nicolas FR
N
digitalpoint
[DigitalPoint] PWA
6 7 8
Replies
140
Views
9K
digitalpoint
digitalpoint
Ozzy47
[OzzModz] Security Lock Old Accounts
2 3
Replies
58
Views
3K
Ozzy47
Ozzy47
XDinc
[XTR] Manage Two-step Verification Providers
Replies
1
Views
575
alfaNova
alfaNova
Top Bottom