New FIDO2 Applet

I guess the first thing to figure out is whether the applet as it’s installed for you is working at all.

Could you try https://play.google.com/store/apps/details?id=de.cotech.hw.fido.example or something like it and see if the app works there?

I am running Android 12 and it seems I cannot install this app from the store.


Could you please suggest another app? Thanks

Just out of curiosity does anyone have a picture or video of what the credential manager section looks like in the Apex Manager app?

It’s not built yet :frowning:

Any ideas how this can be troubleshot further, @BryanJacobs?

I haven't tried these, but FYI

LINK

If you still want to try this suggested app.
Here you go

WebAuthn - FIDO2 Example_4.2.1_Apkpure.apk (4.4 MB)

Support for full FIDO management via the Apex app is currently in development.

Meanwhile, several other programs implement support for credential management. The libfido2 tools via e.g. “fido2-token -L -r pcsc://slot0”, the Yubico tools via e.g. “ykman --reader "ACS ACR1252 Dual Reader [ACR1252 Dual Reader PICC] 00 00" fido credentials list”. Chrome provides a UI in recent versions at chrome://settings/securityKeys if you are on Linux, see the screenshot.
image

6 Likes

Alright so here’s the deal.
Testing with the WebAuthn FIDO app does not show anything abnormal. Registration and then authentication are successful, but the issue with Google and Facebook persists.




Can someone try to replicate this issue by registering the new applet with Google or Facebook and lmk if it works for them? Btw I’ve tried registering it with Bitwarden, again unsuccessful. And lastly, I do not have access right now to my ACS reader, unfortunately.

Thank you for the report. Are you using the Google Play Services (i.e. Stock Android) or are you using MicroG (i.e. LineageOS / custom ROMs)?

1 Like

I am using stock Android 12 from OnePlus.


I’ve just tried with my wife’s Samsung S22 Ultra with Android 14 (also stock ROM) and I can replicate the issue 100%.

I’m also having issues registering my Apex Flex as a U2F key for Bitwarden after upgrading to the new applet - will see if I can provide further details when I get time :slight_smile:

Sorry for the absence, all - I was on a Christmas trip with limited Internet.

It sounds like the problem is with Google Play’s U2F implementation somewhere, since the Android app I linked above (which uses an alternative non-Google library) works okay.

Unfortunately Google’s implementation is closed source, so that makes it a bit more difficult to debug. And it supports the nice FIDO2 stuff, but only makes it available for Google’s own Passkeys, not for things like your implant… The usual Google approach.

I’ll try to reproduce the problem with one of my devices. One preliminary thought might be that Google’s just not waiting long enough for the implant to respond: I’ve pushed some changes to the OSS app to try to speed up the U2F-only use case.

If you want to help debug, it would be nice if you could try registering the authenticator with anything other than an Android device and then see if you can use the Android phone to sign in afterwards with the credential you created earlier. That would help me narrow down where to look for issues.

1 Like

I was able to secure my Gmail account using the FIDO2 app on my Apex.

Using U2F, or using a discoverable credential?

Do you need your authenticator’s PIN when signing in?

Play Services gets automatically updated, it’s possible the support is better now.

Discoverable credential. After enrolling my implant it just asks to scan my Apex as 2FA after entering my password like normal. Haven’t tried on mobile yet but it works on PC.

Okay, it sounds like you’re talking about what Google supports on its servers, whereas I was talking about what Google Play Services for Android supports.

You can absolutely use this authenticator app with Google stuff - the problem people are reporting above is with using Android phones running Google Play Services only. Linux/Windows/Mac/iOS should be fine.

Can you outline exactly the steps you took to produce the error, then others can follow the steps to reproduce and confirm :slight_smile:

1 Like

Here you go. Steps to reproduce on an Android phone.

Preparation:
1. Install the Fidesmo app from the Google Play Store.
2. Scan the Apex with the Fidesmo app.
3. Install the FIDO2 applet (in case you have an old one, destroy and reinstall).
In case the installation is successful, proceed to the next steps; otherwise free space on the Apex and retry step 3.

After we have the applet installed:

Google account
1. Open a browser on your Android phone.
2. Visit accounts.google.com.
3. Log in with your creds.
4. Go to security, then click on security keys.
5. Click add security key, then choose NFC.
6. Scan your implant.
A message is displayed saying "you’re all set", but the next window displays an error: “couldn’t connect, remove your key and reconnect it. Then try again”. Options in this interface are cancel and try again.
Expected behaviour: security key to be successfully added.

Facebook account, via the Facebook Android app
1. Open the Facebook app.
2. Select Menu, then the gear icon (settings and privacy).
3. Click on Meta account center.
4. Under account settings, choose password and security.
5. Under login and recovery, choose two-factor authentication, then select your account and enter your password.
6. Select security keys and click add.
7. Click register security key, then choose the NFC method and scan your implant.
Expected behaviour: security key to be successfully added. Unfortunately the key is not being added.

Bitwarden
1. Log in to your Bitwarden account.
2. Go to settings, account security, two step login.
This will redirect you to the Bitwarden website; click continue.
3. Log in again, go to account settings, then security.
4. Select the two-step login tab, then click on manage for WebAuthn and re-enter your master password.
5. Follow the “guide”, name the new key that should be added, then click on read key and choose NFC.
An error is displayed saying: there was an error reading your security key, try again.
Expected behaviour: security key to be successfully added.

GitHub
1. Log in to GitHub.
2. Go to account, settings, password and authentication.
3. Under two factor method, locate security keys and click on edit, then register new security key.
4. Choose a name for the key, then hit add and choose NFC.
An error message will be displayed: security key registration failed.
Expected behaviour: security key to be successfully added.

@amal please lmk if you need anything else. Thanks!

1 Like

Excellent steps thanks