trezor-firmware icon indicating copy to clipboard operation
trezor-firmware copied to clipboard

Published 20 hours ago verified publisher icon trezor

Unable to use Trezor Model T as security key on Google with Safari

Open sime opened this issue 3 years ago • 4 comments

Describe the bug Adding Trezor Model T as a security key to Google fails.

Firmware version and revision 2.4.3

Desktop/smartphone setup (please complete the following information):

  • OS: macOS
  • Browser Safari
  • Version 15.3

To Reproduce Steps to reproduce the behavior:

  1. Go to https://myaccount.google.com/signinoptions/two-step-verification
  2. Authenticate
  3. Click 'Add Security Key'
  4. See 'Got your security key?' modal and click 'Next'
  5. Press the green tick

Expected behavior Successful pair Model T to Google account

Screenshots P_20220330_151851(1) Screenshot 2022-04-04 at 13 32 20

Additional context Model 1 works.

sime avatar Apr 04 '22 11:04 sime

For me, I have this same problem on Ubuntu 21.10 running Chrome 100.0.4896.127 (Official Build) (64-bit).

A workaround is to register using FireFox. The "FIDO2 Register" process does not work with Chrome for some reason. But, the "U2F Register" process works in FireFox. After the key is registered correctly, logging-in with Chrome works too. There's likely useful info in chrome://device-log/. I have not looked into this much beyond that though.

mcudev avatar Apr 26 '22 12:04 mcudev

@mcudev Just to clarify, the issue is with Google.com ?

sime avatar May 04 '22 11:05 sime

@sime yes, google.com. testing again today, i find that things are working a little better/differently with chrome version 101.0.4951.64 (Official Build) (64-bit).

now, i can get my key registered with the "FIDO2 Register" process and working with this google accounts + chrome combo, there is just one workaround that i had to do. when registering the key, i get this screen:

allow_skip

if you click allow, the process fails with:

could_not_connect

when you click skip, you can name the key and continue on and things work. also, when logging in using the fido2 authenticate process, with this google + chrome combo, it actually lets me in instead of seeming like it works and then forcing me to use a fallback 2fa mechanism.

firefox still uses the u2f authenticate process and that still works too.

mcudev avatar May 14 '22 09:05 mcudev

Can confirm it is failing for me on Chrome and Safari.

sime avatar May 16 '22 14:05 sime

Reopening. PR #2834 only fixes https://github.com/trezor/trezor-firmware/issues/2205#issuecomment-1109755886 for Chrome.

andrewkozlik avatar Feb 17 '23 15:02 andrewkozlik

I can confirm that it does not work on my Safari + macOS ;)

  • Device: model T 2.5.4 Universal (revision 0a955b4ad6d9fb5e7a1dbd3333548ffd8b33399a)
  • Safari Version 16.3 (18614.4.6.1.5)

bosomt avatar Feb 19 '23 03:02 bosomt