• Resolved Hans-Helge Buerger

    (@obstschale)


    I installed the plugin and set up everything. I chose “FIDO Universal 2nd Factor (U2F)” as default option and registered my YUBICO Key successfully.

    However when I try to login. WordPress asks for my Key but when I touch it it does not log me in. Instead the following output is visible in the Console:

    JS Debug

    More information. I use:

    WP 4.8
    Two-Factor Version 0.1-dev-20170603
    Chrome Version 59.0.3071.115

    I also use one-time password with Google Authenticator and these work just fine.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Kaspars

    (@kasparsd)

    Error code 4 stands for DEVICE_INELIGIBLE which is defined here. I just tested the U2F login with my YubiKey NEO and it is working correctly.

    Could you please try removing and registering the key again?

    Thread Starter Hans-Helge Buerger

    (@obstschale)

    Thx for your reply. It works now, but it is a little bit tricky and not absolute user friendly. Let me explain:

    I have a WP Multisite, which runs on example.com and I have 2 sub sites. One runs on sub.example.com and the other on example2.com.

    If I register my YubiKey in my profile, this key is shown in my profile. Like you know, the profile is always the same and not linked to the site where I’m on. However, the YubiKey only works with that one site I was logged in while registering the key.

    That mean for example, I am logged in at example.com and I register my key, so I can only login when I try to login via example.com/wp-login.php. The other two sites will give the Error Code 4.

    Interestingly, I can register the same key multiple times. So I registered this key 3 times, one time on each site (main domain, new domain, sub site domain) and now the sign array holds 3 keys (one for each site) and I can log in no matter on what site.

    So you see, in my profile 3 keys are listed, which are actually the same key. It would be nice if I only had to register the key once for a network. If that is not possible because of the protocol, maybe it is linked to the domain, it would be nice to see only the one key, which belongs to that site.

    Plugin Author Kaspars

    (@kasparsd)

    Thanks for the detailed feedback!

    This is a known issue which has been documented here:
    https://github.com/georgestephanis/two-factor/issues/102

    The issue is with U2F standard and the AppId being associated with a particular domain. The Multi-facet apps approach might now work on sites with many sites.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘U2F: Registration Failed 4’ is closed to new replies.