Firefox using FIDO2 Security Keys
Firefox seems to have a problem on Linux using USB Security Keys. I have two Yubico Security Keys which I use for 2FA. The problem seems to be that Firefox cannot communicate with the USB port, as it doesn't make any difference whether the USB Security Key is plugged in or not, the error returned is always the same and the Security Key does not light up.
I believe Firefox's WebAuth code must be fine, as it works on Windows, which is why I think it's some kind of permissions problem. Chrome works perfectly with the Security Keys on my computer.
I've used a number of sites (I've listed a couple below) where you can test your Security Key with Firefox on KDE Neon and the error is always "UnknownError: The operation failed for an unknown transient reason":
https://www.token2.com/tools/fido2-test/ https://demo.yubico.com/webauthn-technical/registration
I cannot log into Bugzilla with GitHub as my GitHub login uses a Security Key as the second factor.
Isisombululo esikhethiwe
You can try Firefox from the official Mozilla server if you currently use a version from the repositories of your Linux distribution to see if it behaves differently.
Funda le mpendulo ngokuhambisana nalesi sihloko 👍 1All Replies (3)
Isisombululo Esikhethiwe
You can try Firefox from the official Mozilla server if you currently use a version from the repositories of your Linux distribution to see if it behaves differently.
As you suggested, downloading the official version of Firefox from your website solved the problem. I will post a ticket on KDE Neon's bug tracker that their default installation of Firefox is not configured properly.
Many, many thanks for your help.
This isn't actually a firefox problem. KDE Neon uses the firefox package from the Mozilla Team PPA and there's nothing wrong with that package. The problem is that Neon enables app armor on firefox which breaks access to password managers and security keys. sudo aa-disable usr.bin.firefox works around the problem by disabling app armor for firefox. aa-complain was not sufficient in this case.