Improved error handling for Yubikey Bio #13900
Assignees
Labels
feature-request
Used for new features in Teleport, improvements to current should be #enhancements
passwordless
tsh
tsh - Teleport's command line tool for logging into nodes running Teleport.
Comments
codingllama
added
feature-request
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like Teleport to do?
Better error handling for common Yubikey Bio authentication errors. Note that this applies exclusively to
tsh.libfido2 error 60, aka FIDO_ERR_UV_BLOCKED
Usually caused by a soft lock. We can do with a better error message. For Bio users, this is answered by the FAQ (https://www.yubico.com/br/setup/yubikey-bio-series/#faq).
libfido2 error 63, aka FIDO_ERR_UV_INVALID
Usually caused by a failed sensor read. Retrying is viable, up to a certain (small) threshold of attempts. I imagine that, as long as the Yubikey keeps blinking, users will instinctively try again.
What problem does this solve?
It makes passwordless / MFA UX better.
If a workaround exists, please include it.
Public docs could also mention common errors.
The text was updated successfully, but these errors were encountered: