Yubikey as a passkey login method

Has anyone used a Yubikey as a passkey login method on here? I’ve tried several times and always get a “Not Allowed” message. I have added one via software, but I was attempting to use the Yubikey. I was just wondering if anyone had success with a hardware key.

Are you trying with NFC or with a usb-c yubikey? I only have a usb-a yubikey and haven’t tried it with a phone but do have a usb-a to usb-c adapter I could probably dig up.

I’m using the USB-C port of a Yubikey 5NFC. I have two, and tried both to ensure it wasn’t a bad key.

But now that you asked, I will try the NFC part and see what it does.

So an update on this…

Interestingly enough, I was able to add my Yubikey via the iode mobile browser. But, when I actually try to use it I get essentially a message that it’s not valid, and that was from trying to login via the desktop browser Brave. But I use it with Brave and sites often, so it’s not a Brave thing with my Yubikey.

Brave on desktop and Brave on mobile are a bit different, all mobile apps are more sandboxed / isolated. I am not saying it can’t work, but it may take a bit more digging around. I don’t think anything from Yubikey would require Google Play services, so I think a broader search on “Android Brave + Yubikey” or something along those lines may be a place to start.

Possibly iodé blocker is at play here, you could attempt to disable it for Brave for testing purposes.

OK, so let me clarify, so you know where things stand. My posts are probably a bit confusing.

On my desktop, with Brave, when I try to add my Yubikey as a Passkey with community.iode I receive this:

On my FP4 with iode, using iode default browser, I’m actually able to add my Yubikey, but then logins won’t recognize it as valid. That’s when I get this:

I’ve only done some basic testing, and it was really why I asked the community, to see if anyone else had actually gotten one paired successfully.

I use Proton Pass, as a software passkey, and it works fine on both desktop and mobile. But in the last week I’ve been seeing just how much stuff I can secure with my Yubikey… and this site kinda balked at me. I have been successful with sites like Proton, Apple, Github, Mint Mobile, etc.

Tomorrow I’ll run through several browsers on my phone and desktop, to see what results I get and I’ll post what I find.

So this AM I did some testing…

First… now I cannot get yubikeys to work with my FP4 and iode 6.1 at all. I tried removing and replacing apps, downloaded and tried all the major browsers (FF, Chrome, DDG) and none worked for adding or using (installed on my account) keys. The best I can get at the moment is for the browser to call the yubi authentication app, but instead of asking for a FIDO PIN, it always drops to the OTP page on that app.

On the desktop, I tried FF, LibreWolf, Chrome (completely vanilla) and Brave.

This site works fine with FF and LibreWolf. I can add, remove and use keys, both with and without my Proton Pass web extension installed.

Chrome and Brave CANNOT install a new key, but they can use an existing key that is already installed. When I try to install a new key I get that same message as I posted above (not allowed).

That’s what I got… lol

One note… on Iode under Settings - Passwords, passkeys and accounts, where you can set a preferred I don’t see the Yubi Authentication or even Chrome, but then Firefox and Iode show up, along with Proton Pass and Tor. I’m going to have to look into that, just to see what effect it may/may not have. I just found it odd that three browsers show, and the others don’t.

So I spent the afternoon reading Yubi docs on this, and it should work. That being said, I can’t get a hardware passkey to work properly on any browser. The best option I found to work was using a software password manager like Proton Pass with Passkey support.

But good news… I can take my iPhone 14 Pro and log into iode, or any other site, with my Yubikeys and Safari just fine… 🙂

I was just able to login to Github using the iodé browser (Firefox) using my Yubikey via NFC by holding it to the back of the phone when prompted.

So I don’t know how to advise you correctly but it seems like it should work.

My thought on USB passthrough for Android is that will be a bit complicated, since when connecting via USB by default it will not pass data through. A Yubikey essentially just passes a text string through so would need (??) the USB device to auto-connect in data transfer mode. So if you can try NFC I think it will be less complicated.

I’m glad yours works. That gives me hope… LOL There is no doubt, my phone is all jacked up right now. I’m pretty sure this was working before I went to A15… but as I posted earlier, I was able to add a passkey with my device and iode browser, but now I can’t even do that. I’ve messed with it so much, I may have to reset it at this point.

I have been using primarily NFC, and when I connect or use NFC, my Yubi Authentication loads immediately, and drops me to the OTP page. So that seems to be interrupting the browser-side of things.

If you don’t mind, can you answer some questions? I’m just hoping I see a difference, and go from there.

1. When you use the browser on your mobile, and you log into github, is that via Passkey or OTP?
2. If it’s Passkey, does the browser ask for a PIN first? (mine won’t on the mobile, but does on the desktop)
3. In iode Settings - Passwords, Passkeys and Accounts, is there a preferred app set? (mine is Proton Pass, and if I set NONE, then nothing works).

Anyway, thanks for confirming for me @rik

I did just run across this…

My Yubi is 5.7.1

I do not own any security key, so I cannot help you much, but iodé uses microG and I see there are issues in their repository regarding passkeys. Maybe some of them are the cause of your troubles? Maybe you created several passkeys for this site, and this prevents you from choosing one?
If this is not the issue, there are others.
