EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 6 Jul 2022, 07:14 PM   #1
gardenweed
Cornerstone of the Community
 
Join Date: Jun 2008
Location: Perth
Posts: 666
FM U2F support ending in July

Anyone else get a message that U2F support will be ending in July 2022?
I have a Yubikey that I use and is registered as a two factor verification device.

I recently got an email from FM about it...
The message says:

Quote:
We will be removing support for U2F at the end of July.

You currently have a security key called "blah blah blah Yubikey" registered to your Fastmail account.

This security key uses an older form of authentication known as U2F, which has been superseded by WebAuthn.

When we remove support for U2F, this key can no longer be used to validate you when logging in to your Fastmail account. This means that you will need to update your security key to use WebAuthn.
My Yubikey an older key, bought in 2016, and is FIDO U2F security key.
So as far as I can tell, it will no longer be able to be used.
The quoted "WebAuthn" is FIDO2, which is not what I have.
I can't magically upgrade it to FIDO2.

I think what this means for me is that if I want to use a Yubikey with FM, I'll need to fork out another US$45 (+ GST + shipping) for the version that uses FIDO2.

Hmmm. Maybe I'll just stick with the free Google Authenticator App for my 2nd factor.
Seems to me I'm forced to take a backward step in 2FA, unless I buy a new key.

Anyone else in the same boat?
gardenweed is offline   Reply With Quote

Old 6 Jul 2022, 09:48 PM   #2
Folio
Member
 
Join Date: Jul 2014
Posts: 77
I have a couple of old FIDO keys associated with my Fastmail account. I just needed to re-authorize them in the Password & Security section of the settings. No need to buy new keys.
Folio is offline   Reply With Quote
Old 6 Jul 2022, 10:36 PM   #3
gardenweed
Cornerstone of the Community
 
Join Date: Jun 2008
Location: Perth
Posts: 666
Quote:
Originally Posted by Folio View Post
I have a couple of old FIDO keys associated with my Fastmail account. I just needed to re-authorize them in the Password & Security section of the settings. No need to buy new keys.
Interesting.
I did try to re-authorise the key, several times, but it failed each time.
I tried using a couple of browsers, Edge and Chrome.
But no luck.

Does your key also have FIDO2 as well as FIDO?
gardenweed is offline   Reply With Quote
Old 6 Jul 2022, 11:26 PM   #4
Folio
Member
 
Join Date: Jul 2014
Posts: 77
Quote:
Originally Posted by gardenweed View Post
Does your key also have FIDO2 as well as FIDO?
Not that I'm aware of, but your experience makes me wonder. One of mine is a Feitian FIDO U2F and the other is a Yubikey FIDO U2F. Both were purchased in 2017. I was using Chrome when I re-registered them. The email I received from Fastmail listed the keys that I had registered with U2F and stated: "You do not need to replace your physical security keys. Please update your security keys by re-registering them in your Fastmail account..."
Folio is offline   Reply With Quote
Old 6 Jul 2022, 11:40 PM   #5
gardenweed
Cornerstone of the Community
 
Join Date: Jun 2008
Location: Perth
Posts: 666
My key is a Yubikey.
It was bought in 2016 and was called a "FIDO U2F Security Key"
It is blue and has a circular recess with a copper touch pad.
On the touch pad is engraved a key that has 2 "teeth" or bits, and a circular head or bow.
gardenweed is offline   Reply With Quote
Old 6 Jul 2022, 11:59 PM   #6
evfrson
Senior Member
 
Join Date: Oct 2015
Location: Singapore
Posts: 173
I have 2 old FIDO U2F keys both from 2014.
One is blue as described by gardenweed and the other is orange/white plastic with plug-up written on it.
I haven't received any emails from Fastmail so it will be interesting to see what happens at the end of July.
evfrson is offline   Reply With Quote
Old 7 Jul 2022, 02:17 AM   #7
placebo
Cornerstone of the Community
 
Join Date: Jun 2004
Posts: 749
Quote:
Originally Posted by gardenweed View Post
Interesting.
I did try to re-authorise the key, several times, but it failed each time.
I tried using a couple of browsers, Edge and Chrome.
But no luck.

Does your key also have FIDO2 as well as FIDO?
If your key supports U2F, it should be backward compatible if it support CTAP2.

https://www.yubico.com/blog/10-thing...ordless-world/
Is FIDO2 backwards-compatible with current YubiKey models?

The WebAuthn component of FIDO2 is backwards-compatible with FIDO U2F authenticators via the CTAP1 protocol in the WebAuthn specifications. This means that all previously certified FIDO U2F Security Keys and YubiKeys will continue to work as a second-factor authentication login experience with web browsers and online services supporting WebAuthn.

The new FIDO2 passwordless experience will require the additional functionally of CTAP2, which is currently only offered in the new Security Key by Yubico. CTAP2 is not supported in previous FIDO U2F Security Keys, or current YubiKey 4 series, or the YubiKey NEO.
It sounds like perhaps your Security Key is the older version. On the other hand, according to the second paragraph, my Yubikey 4 shouldn't work either, but I was able to update my credentials with Fastmail.
placebo is offline   Reply With Quote
Old 7 Jul 2022, 09:27 AM   #8
gardenweed
Cornerstone of the Community
 
Join Date: Jun 2008
Location: Perth
Posts: 666
I tried again to re-authorise the Yubikey.
This time on a different PC (the 3rd one I've tried), Windows 10 and Chrome.
I get the same notice "Sorry something has gone wrong".

I have a ticket open with FM.

The Yubikey I have looks the same as shown here.
And as shown in the Wikipedia page
gardenweed is offline   Reply With Quote
Old 7 Jul 2022, 11:37 AM   #9
gardenweed
Cornerstone of the Community
 
Join Date: Jun 2008
Location: Perth
Posts: 666
So maybe this is resolved.

I raised a ticket and FM looked into the issue.

Apparently there was an existing instance of my Yubikey authorisation with Webauthn.
I could see the entry but was not able to identify it as being associated with my Yubikey.
Anyway, this existing instance was causing the error when I tried to re-authorise the U2F instance of the same key.
I have now removed the old U2F instance.
The Webauthn instance remains.
All seems to work ok now.

Thanks for everyone's interest and comments along the way.

I hope maybe this will help someone else if they hit the same issue.
gardenweed is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 09:06 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy