User:Bri.public/2FA issue
Issue with 2FA: Phab:T244088, "Logging in at another wiki than WebAuth was set up fails"
Summary: 2FA login with WebAuthn only works on the wiki where the security key was registered
Configuration:
- YubiKey 5 with PIN enabled
- Google Chrome 110.0.5481.104
- Windows 10
Repro steps
- Request
oauth-enableperms on meta - ok (Special:Diff/24594457) - Go to Special:Manage Two-factor authentication on meta
- Enable 2FA and enroll Yubikey on meta - ok
- Log in on meta, default login options - ok
- Log out of meta
- Go to en.wiki and click log in with username/password; offer key PIN and touch Yubi
Expected vs actual result:
- Expected result: Logged in to enwiki
- Actual result: Not logged in, Yubikey not recognized: Windows Security dialog says "This security key doesn't look familiar. Please try another one."
Workaround:
- Log out on meta
- Log in on meta
- Go to en.wiki
- Click Log in on en.wiki: username/password login page briefly appears and then redirected to main page as logged in without any further action
- Note after this login, I can go to special:Preferences, click Manage 2FA, and the wiki seems to know that WebAuthn is enabled, and the security key with the nickname I gave it in step 3 is listed as a registered key, even though I can not log in with it.
Note: I disabled 2FA and re-enrolled the security key on en.wiki and repeated the process of logging in on the other wiki. Same results, that is, I could only log in to en.wiki with the security key but could click "log in" on meta once I was logged in on en.wiki.