dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Windows does not prompt for Pico Fido PIN before authenticating on GitHub #151

New Issue
Closed
opened 2025-05-12 14:03:33 +08:00 by sandman21vs · 1 comment
sandman21vs commented 2025-05-12 14:03:33 +08:00 (Migrated from github.com)
Copy Link

## Description
When configuring Pico Fido as an authentication method on GitHub in Windows, the system does not prompt for the device PIN before starting authentication, causing the login to fail. However, if you first unlock the Fido on another site (e.g., https://webauthn.io/) or via Windows Security, then GitHub login succeeds normally.

Steps to Reproduce

  1. In GitHub (web), go to Settings > Security > Security keys and add the Pico Fido as a security key.
  2. Remove and re-insert the USB device so that a PIN prompt is required again.
  3. Attempt to log in to GitHub (via website or Git Credential Manager) — note that no PIN prompt appears and authentication fails with a “device not recognized” error.
  4. Next, go to https://webauthn.io/ or use Windows Security to force the PIN entry on the Pico Fido.
  5. Try logging in to GitHub again — now that the Fido is unlocked, the login succeeds.

Actual Behavior

  • Failure to log in to GitHub, with an error indicating the device was not recognized (no PIN prompt).

Expected Behavior

  • Windows (or the authentication agent) should automatically display the Pico Fido PIN prompt when starting the GitHub login flow, unlock the device, and complete authentication without errors.

Logs / Error Messages

(Paste here the exact error message shown by GitHub.)

Additional Notes

  • On mobile (Android/iOS), the same Pico Fido authenticates on GitHub without any issue.
  • On WebAuthn test sites (e.g., webauthn.io), Windows correctly prompts for the PIN.
  • It is unclear whether the issue lies in Windows Hello / Git Credential Manager, GitHub’s WebAuthn flow, or some detail of the Pico Fido firmware.

Question:
Does this look like a bug in Windows (WebAuthn agent), GitHub, or the Pico Fido itself? Has anyone experienced similar behavior?

--- ## Description When configuring Pico Fido as an authentication method on GitHub in Windows, the system does not prompt for the device PIN before starting authentication, causing the login to fail. However, if you first unlock the Fido on another site (e.g., https://webauthn.io/) or via Windows Security, then GitHub login succeeds normally. --- ## Steps to Reproduce 1. In GitHub (web), go to **Settings > Security > Security keys** and add the Pico Fido as a security key. 2. Remove and re-insert the USB device so that a PIN prompt is required again. 3. Attempt to log in to GitHub (via website or Git Credential Manager) — note that no PIN prompt appears and authentication fails with a “device not recognized” error. 4. Next, go to https://webauthn.io/ or use Windows Security to force the PIN entry on the Pico Fido. 5. Try logging in to GitHub again — now that the Fido is unlocked, the login succeeds. --- ## Actual Behavior - **Failure** to log in to GitHub, with an error indicating the device was not recognized (no PIN prompt). ## Expected Behavior - Windows (or the authentication agent) should automatically display the Pico Fido PIN prompt when starting the GitHub login flow, unlock the device, and complete authentication without errors. --- ## Logs / Error Messages > (Paste here the exact error message shown by GitHub.) --- ## Additional Notes - On mobile (Android/iOS), the same Pico Fido authenticates on GitHub without any issue. - On WebAuthn test sites (e.g., webauthn.io), Windows correctly prompts for the PIN. - It is unclear whether the issue lies in Windows Hello / Git Credential Manager, GitHub’s WebAuthn flow, or some detail of the Pico Fido firmware. --- **Question:** Does this look like a bug in Windows (WebAuthn agent), GitHub, or the Pico Fido itself? Has anyone experienced similar behavior?
polhenarejos commented 2025-05-30 17:35:49 +08:00 (Migrated from github.com)
Copy Link

Tested on macOS and worked flawlessly.
Tested on Windows 10 and worked too.
Tested on Windows 11 and worked too.

I used Brave, chromium-based browser. IDK if it is a matter of browser.

Tested on macOS and worked flawlessly. Tested on Windows 10 and worked too. Tested on Windows 11 and worked too. I used Brave, chromium-based browser. IDK if it is a matter of browser.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
dearsky
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dearsky/pico-fido#151
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?