dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Security Key Not Recognized on Websites Without PIN Prompt Until Used on a PIN-Prompting Website #114

New Issue
Closed
opened 2025-03-07 16:43:37 +08:00 by MiniProjectDIY · 3 comments
MiniProjectDIY commented 2025-03-07 16:43:37 +08:00 (Migrated from github.com)
Copy Link

I have registered several security keys successfully on both Google and Porkbun. However, I encountered an issue where a newly inserted security key is not recognized on websites that do not prompt for a PIN (such as Porkbun), but works fine on websites that do prompt for a PIN (such as Google).

Firmware version:

V6.4 EDDSA branch

Steps to Reproduce

  1. Insert the security key into the computer.
  2. Try to log in to Porkbun, which does not prompt for a PIN.
  3. Windows Security displays the following error message: "This security key doesn't look familiar, please try a different one."

Image

5.Use the same security key to log in to Google, which prompts for a PIN.
6.Enter the PIN, and the login to Google succeeds.

Image

  1. Return to Porkbun and try logging in again using the same security key.
  2. This time, the security key is recognized, and the login proceeds normally.
    Image

Expected Behavior

The security key should work consistently on all registered websites without requiring a prior authentication on a PIN-prompting website.

Actual Behavior

When first inserted, the security key is not recognized on websites that do not prompt for a PIN.
After being used once on a website that prompts for a PIN (e.g., Google), it starts working correctly on all websites, including those without PIN prompts.

Additional Information

The security key was successfully registered on both Google and Porkbun.
This issue occurs on a Windows system where Windows Security manages authentication.
It seems that the security key remains in an uninitialized state until a PIN is entered at least once after insertion.

I have registered several security keys successfully on both Google and Porkbun. However, I encountered an issue where a newly inserted security key is not recognized on websites that do not prompt for a PIN (such as Porkbun), but works fine on websites that do prompt for a PIN (such as Google). ### Firmware version: V6.4 EDDSA branch ### Steps to Reproduce 1. Insert the security key into the computer. 2. Try to log in to Porkbun, which does not prompt for a PIN. 3. Windows Security displays the following error message: "This security key doesn't look familiar, please try a different one." ![Image](https://github.com/user-attachments/assets/8bebd351-5ffe-4de6-a3c5-3808996532b3) 5.Use the same security key to log in to Google, which prompts for a PIN. 6.Enter the PIN, and the login to Google succeeds. ![Image](https://github.com/user-attachments/assets/e8370a04-8888-47e0-bfbe-d772f44e487b) 7. Return to Porkbun and try logging in again using the same security key. 8. This time, the security key is recognized, and the login proceeds normally. ![Image](https://github.com/user-attachments/assets/d29b672b-1480-450e-80ac-5e4c8befc953) ### Expected Behavior The security key should work consistently on all registered websites without requiring a prior authentication on a PIN-prompting website. ### Actual Behavior When first inserted, the security key is not recognized on websites that do not prompt for a PIN. After being used once on a website that prompts for a PIN (e.g., Google), it starts working correctly on all websites, including those without PIN prompts. ### Additional Information The security key was successfully registered on both Google and Porkbun. This issue occurs on a Windows system where Windows Security manages authentication. It seems that the security key remains in an uninitialized state until a PIN is entered at least once after insertion.
MiniProjectDIY commented 2025-03-07 16:52:40 +08:00 (Migrated from github.com)
Copy Link

I also read this issue and your reply.
Is this correct behavior(key not recognized) if the website doesn't prompts for a PIN?Does it mean that I have to used it in a website prompts PIN first then it can be used in other place?
From that issue and my experience,seems both github and porkbun don't prompt PIN and lead to the key not recognized.

Again,I'm not quite sure whether this is a issue for pico-fido or issue for github/porkbun,since google/yahoo works fine.But this problems seems not exist for older version firmware.

Is this the same issue for discouraged verification problem from https://github.com/polhenarejos/pico-fido/issues/113?

I also read [this issue](https://github.com/polhenarejos/pico-fido/issues/110) and [your reply](https://github.com/polhenarejos/pico-fido/issues/110#issuecomment-2663707348). Is this correct behavior(key not recognized) if the website doesn't prompts for a PIN?Does it mean that I have to used it in a website prompts PIN first then it can be used in other place? From that issue and my experience,seems both github and porkbun don't prompt PIN and lead to the key not recognized. Again,I'm not quite sure whether this is a issue for pico-fido or issue for github/porkbun,since google/yahoo works fine.But this problems seems not exist for older version firmware. Is this the same issue for discouraged verification problem from https://github.com/polhenarejos/pico-fido/issues/113?
MiniProjectDIY commented 2025-03-07 17:30:17 +08:00 (Migrated from github.com)
Copy Link

ok,I just build and install the latest develop branch,now porkbun prompts for PIN also and it works well.

ok,I just build and install the latest develop branch,now porkbun prompts for PIN also and it works well.
cmichel5 commented 2025-08-22 23:30:33 +08:00 (Migrated from github.com)
Copy Link

I have the same exact issue with 1password.com
Using firmware 6.6 (not EdDSA).

Error message when inserting the key : "This security key doesn't look familiar, please try a different one."
I have to use either Yubico Authenticator, or any websites that ask for my PIN first, and then the key will work on 1password

I have the same exact issue with 1password.com Using firmware 6.6 (not EdDSA). Error message when inserting the key : "This security key doesn't look familiar, please try a different one." I have to use either Yubico Authenticator, or any websites that ask for my PIN first, and then the key will work on 1password
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
dearsky
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dearsky/pico-fido#114
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?