U2F Keys broken with WordPress 6.2 #553
Comments
To clarify... I recognize that the plugin is not tested with 6.2. I am simply reporting that this particular feature seems to have been broken, as I did not see a similar report on the wp forum or on this project's issues. The other plugins I have activated are just ActivityPub and NodeInfo, nothing else. Hope this helps! Thank you so much for making this plugin to begin with.
Are you using U2F on any other sites? IIRC all the major browsers have already disabled it, so it won't work anywhere. We're updating the plugin to migrate to WebAuthn in #423 / #427, but it's not ready yet. You could install https://wordpress.org/plugins/two-factor-provider-webauthn/ in the meantime, and your existing keys should still work. Let me know if that's not the problem, though.
@iandunn you know what, I used "U2F" flippantly because that's what it read in the User Settings, but your comment made me realize that we're talking about FIDO/U2F versus FIDO2/WebAuthn, and that might be the difference. Thanks for showing me the issues where you are upgrading. I will happily wait until y'all feel that it is ready.
Sounds good, thanks! 👍🏻
If you're using Firefox, you can still enable U2F by going to
Thank you for this! I didn't know it was toggleable, this is a great workaround for now.
The
Shot/chaser. Hate to see it :/ lol
Describe the bug
When I first installed this plugin, I was running 6.1 and the plugin version was 0.7.3. It worked perfectly then. Since then, my WordPress automatically updated to 6.2, and two-factor updated twice -- from 0.7.3 to 0.8.0, and then from 0.8.0 to 0.8.1.
When logging into an account that defaults to U2F for the 2nd factor, the page loads directing the user to insert and press the key, but there is no longer a prompt for the key.
Alternate login methods still work if enabled for the user.
I bypassed the issue by logging into the backend, removing /public_html/wp-content/plugins/two-factor, logging in with just 1 factor, installing+activating the plugin again, and then editing both of my user accounts to have TOTP codes enabled as a backup. The behavior persists, but the backup option works so I'm good to go. Can't say the same for a user that posted ~3 days ago on the WordPress.com forum.
Steps to Reproduce
Screenshots, screen recording, code snippet
No response
Environment information
WP 6.2, using just the default Twenty Twenty-Three theme. I'm running WP in an Ubuntu sandbox via Virtualmin. I am running the most recent versions of Firefox and open-source Chromium on Manjaro (arch-based, stable branch) Linux, with Gnome.
Please confirm that you have searched existing issues in this repository.
Yes
Please confirm that you have tested with all plugins deactivated except Two-Factor.
Yes