FIDO2 in Android app is not working #1363

Closed
opened 2025-11-26 22:46:12 -06:00 by GiteaMirror · 35 comments
Owner

Originally created by @numeratorjik on GitHub (Oct 18, 2021).

Steps To Reproduce

Version 2.13.0 of Android app. Installed on Google Pixel 5 running current Android 12 beta. The app now prompts me for YubiKey login but it doesn't work. First I see this:

Screenshot_20211018-085344

I tap "Authenticate WebAuthn" and I see this:

Screenshot_20211018-085354

I tap "GET STARTED" and I see this:

Screenshot_20211018-085359

When I hold my key up to the back of the phone, the app switches back to the screen shown in the first screenshot above and this page opens in my browser:

Point Blur_Oct182021_085528

Other apps on my phone that use WebAuthn work just fine with my YubiKey. I am able to authenticate to Bitwarden with my YubiKey in my browser on the desktop.

Expected Result

I expect the app to authenticate successfully with my YubiKey.

Actual Result

It's not working.

Screenshots or Videos

See above.

Additional Context

No response

Operating System

Android

Operating System Version

Android 12 beta

Device

Pixel 5

Build Version

2.13.0

Beta

  • Using a pre-release version of the application.
GiteaMirror added the bug label 2025-11-26 22:46:12 -06:00

@mpbw2 commented on GitHub (Oct 18, 2021):

You have to disable your YubiKey's OTP-over-NFC option. Check out the "Troubleshooting YubiKey NFC" section from our help page at https://bitwarden.com/help/article/setup-two-step-login-fido/

@numeratorjik commented on GitHub (Oct 18, 2021):

That may be a workaround, but like I said, other apps which I authenticate to using my YubiKey work just fine over NFC on my phone, so even if there is a workaround then it would seem that there is something wrong with the Bitwarden implementation of this.

@numeratorjik commented on GitHub (Oct 18, 2021):

Furthermore, when I run Yubikey Manager on macOS and insert my Yubikey NEO and go to the Interfaces screen, it does not show NFC interfaces, so apparently I can't disable OTP over NFC for my Yubikey.

Y'all need to rethink something here.

@numeratorjik commented on GitHub (Oct 18, 2021):

Please reopen this issue until you have figured out how to make WebAuthn work on Android for Yubikey NEO users.

@mpbw2 commented on GitHub (Oct 18, 2021):

@numeratorjik I agree it's not ideal, but I was unable to find a way to prevent Android's default NDEF scan behavior during my time working on this feature. Can you provide some examples of apps that are able to do it? I'm happy to look into it if it's possible.

@numeratorjik commented on GitHub (Oct 18, 2021):

1Password, for one. Also Google itself.
The problem isn't so much that scanning my YubiKey loads the Yubico demo OTP page; that happens with 1Password too. The problem is that however apps like 1Password are doing things enables them to complete the FIDO2 / WebAuthn authentication before the demo OTP page is loaded, whereas the Bitwarden app doesn't.

@mpbw2 commented on GitHub (Oct 18, 2021):

Reopening to continue research into handling secondary scan.

@mderazon commented on GitHub (Oct 19, 2021):

@mportune-bw in response to https://community.bitwarden.com/t/u2f-support-over-nfc/611/53?u=miked
I am not sure my problem is the same. I have a FIDO U2F key (non-YubiKey) that generally works with WebAuthn everywhere (and has NFC).
I am going through the same flow, getting the OS screen (Choose how to use your security key), and after I authenticate, focus goes back to the app and I see a generic error dialog saying

> An error has occurred

I would be happy to record the flow, but Bitwarden has screen capturing protection and I can't find a way to disable it

Might be related
https://github.com/bitwarden/clients/issues/2803

@project-eutopia commented on GitHub (Oct 28, 2021):

I have this same problem as well. I tried disabling OTP over NFC (`ykman config nfc --disable OTP`), confirmed it was disabled using the `ykman info` command, and then tried authenticating with my Yubikey over NFC on Android but still get the same "An error has occurred." dialog. The only difference after disabling OTP is that now it doesn't immediately try to open a browser after I tap my Yubikey to my phone for NFC. I am on Android 12, and the newest Android version of Bitwarden 2.14.0.

@mpbw2 commented on GitHub (Oct 28, 2021):

@project-eutopia That sounds like a different issue. Can you try deleting and re-adding your Yubikey via the web vault settings, then try logging in again on Android?

@project-eutopia commented on GitHub (Oct 28, 2021):

@mportune-bw Thank you for your follow up, that seems to have worked!

@mpbw2 commented on GitHub (Oct 29, 2021):

@mderazon I agree it might be related to that web issue as that particular error is generated from our web connector and returned to the app for display. I'm keeping an eye on it.

@zaneselvans commented on GitHub (Dec 29, 2021):

I'm having what seems like the same issue on a Pixel 5a with a Yubikey NEO. I see now that the ... in the upper right hand corner of the screen offers other 2FA options, including using a Yubikey NEO, rather than getting dumped directly to WebAuthn. These other 2FA options should be much more prominent in the flow somehow -- let folks choose which 2FA method to use explicitly. It took me an hour or more of messing around with this before I figured out there were other options.

@DonRohan commented on GitHub (Jul 13, 2022):

> @mportune-bw in response to https://community.bitwarden.com/t/u2f-support-over-nfc/611/53?u=miked I am not sure my problem is the same, I have a fido u2f key (non yubikey) that generally work with webauthn everywhere (and has NFC) I am going through the same flow, getting the OS screen (Choose how to use your security key) and after I authenticate, focus goes back to the app and I see a generic error dialog saying
>
> > An error has occurred
>
> I would be happy to record the flow, but Bitwarden has screen capturing protection and can't find a way to disable it
>
> Might be related bitwarden/clients#2803

I'm having the same issue with a Yubikey 5 NFC and a Solokey Type-C. Webauthn doesn't work with the Bitwarden-App. Even after disabling OTP.

@ImprovingRigmarole commented on GitHub (Sep 13, 2022):

I'm having the exact same issue on Android 12, impossible to use a yubikey via FIDO2 (OTP is disabled):

  • via NFC: gives the `An error has occurred` popup
  • via USB: the OS screen asks for authorization to use USB with the yubikey, asks to press the button, but the led blinks really fast for like 200ms and after this, nothing, and the `press the button` screen stays forever

Any update on this?

@kevinjbeattie commented on GitHub (Sep 29, 2022):

I opened a bug regarding WebView on Android here: https://issuetracker.google.com/issues/249758200

@k3a commented on GitHub (Oct 8, 2022):

It also didn't work for me with Solo NFC key. Additionally there was no option to select a different 2FA like Authenticator. Such option was available while logging in to the Bitwarden web. I had to disable Solo NFC key in account settings to be able to log in from the Android app.

@BrendanxP commented on GitHub (Oct 22, 2022):

I have the exact same issue and I already unchecked OTP. Bought 5 YubiKeys all with NFC, some with USB-C, but not one works properly on Android.
USB makes the light blink for 200ms and it stops thereafter. No matter if I spam the button instantly or wait a little bit, the key is not picked up. Via NFC it tells me that it succeeded, but then nothing happens. And if I click all windows away the login will give an error. Tried clearing everything from the key and reenabling the FIDO2 auth multiple times. I have no idea what is going wrong here.

@Sparticuz commented on GitHub (Feb 1, 2023):

I've got the same problem as @improving-rigmarole. The led blinks quickly, as if it's failing a handshake or something, then I get this error after a number of seconds. Using default chrome as the webview

Screenshot_20230201-085233.png

@RZR7332 commented on GitHub (Feb 2, 2023):

> I've got the same problem as @improving-rigmarole. The led blinks quickly, as if it's failing a handshake or something, then I get this error after a number of seconds. Using default chrome as the webview
>
> Screenshot_20230201-085233.png

Exact same problem I am facing as well.

@mderazon commented on GitHub (Feb 7, 2023):

Please see this screencast

https://user-images.githubusercontent.com/717076/217385177-a9256b72-9d67-4313-a1f1-3b7824e71749.mp4

Cannot sign in. Unfortunately, Bitwarden has screen capture protection on by default so the flow starts in the video in black screen from the app, where it goes to the browser and back to the app with failure

@Jademalo commented on GitHub (May 29, 2023):

I need to add myself to the voices having problems here, but I think the issue is much bigger than just Bitwarden. Any FIDO2 supporting application is giving me trouble.

To hopefully shed a bit of light on the situation here, after a lot of research and testing it seems that Android's implementation of WebAuthn does not correctly implement CTAP2, and only really implements CTAP1 (U2F).

If the device tries to authenticate with Android using the FIDO2 CTAP2 protocol, it will fail.
Due to this, Android flat out cannot handle any situation with Discoverable credentials (formerly called Resident credentials), and [it cannot request a hardware set PIN](https://support.yubico.com/hc/en-us/articles/360016615020-Operating-system-and-web-browser-support-for-FIDO2-and-U2F). In addition, [Android WebView also does not support WebAuthn](https://issuetracker.google.com/issues/249758200?pli=1), and you need to make sure your default browser supports it.

Since Bitwarden's implementation of FIDO2 does not request a pin and can only be used as a 2FA key with a username and password, it theoretically should work on Android. However, it will only work if the FIDO U2F interface is enabled in the YubiKey Manager. I assume this is because a 2FA only request that does not require a PIN can fall back to CTAP1/U2F and correctly authenticate.
EDIT: Just for further detail, signing in to Google with a Discoverable FIDO2 key registered doesn't seem to be able to fall back to U2F in a 2FA situation where you provide a username and password, even if it works on PC in the same way without a PIN. I assume this is because a Discoverable credential cannot fall back to U2F in any situation.
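[This reddit post](https://old.reddit.com/r/GooglePixel/comments/12td3l4/can_a_pixel_read_a_yubikey/) was what tipped me off to the reasoning, and [this google groups post](https://groups.google.com/a/fidoalliance.org/g/fido-dev/c/H_32sr1STAg) had information about Android not implementing CTAP2.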

With FIDO U2F disabled, both Firefox and Chrome give errors, though different.

Chrome gives the error;

> An error has occurred.
> Please make sure your default browser supports WebAuthn and try again.
>
> NotReadableError: An Unknown error occured while talking to the credential manager.

Firefox gives the error;

> An error has occurred.
> Please make sure your default browser supports WebAuthn and try again.
>
> NotReadableError: The operation failed for an unknown transient reason.

To summarise;

  • Android does not implement CTAP2, and only implements CTAP1.
  • The only FIDO2 keys that work on Android are Non-Discoverable keys with requests that don't require a PIN, therefore allowing them to fall back to CTAP1/U2F.
  • In order to resolve the issue for Bitwarden, for either USB or NFC you need to make sure at least FIDO U2F is enabled. FIDO2 does not need to be enabled, but it doesn't seem to affect things if it is.
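
The fallback condition described in the comment above (non-discoverable credential, no PIN) can be checked statically against the options a relying party passes to `navigator.credentials`. This is an added example, not code from the thread or from Bitwarden; the function names, the `vault.example` RP ID and the sample option objects are constructed, and the conditions are the CTAP1/U2F interoperability rules (ES256 only, no resident key, no user verification, non-empty allow list).

```javascript
// Added example: static check of WebAuthn request options against the rules
// for serving a request with a CTAP1/U2F-only authenticator path.
const COSE_ES256 = -7;   // ECDSA P-256, the only algorithm U2F can sign with
const COSE_RS256 = -257;

// Reasons a navigator.credentials.create() request cannot fall back to U2F.
function registrationBlockers(publicKey) {
  const blockers = [];
  const sel = publicKey.authenticatorSelection || {};
  // WebAuthn treats an empty pubKeyCredParams list as [ES256, RS256].
  const params = publicKey.pubKeyCredParams || [];
  const algs = params.length ? params.map((p) => p.alg) : [COSE_ES256, COSE_RS256];
  if (!algs.includes(COSE_ES256)) {
    blockers.push("no ES256 in pubKeyCredParams");
  }
  if (sel.residentKey === "required" || sel.requireResidentKey === true) {
    blockers.push("discoverable credential required");
  }
  if (sel.userVerification === "required") {
    blockers.push("user verification required");
  }
  return blockers;
}

// Reasons a navigator.credentials.get() request cannot fall back to U2F.
function assertionBlockers(publicKey) {
  const blockers = [];
  const allow = publicKey.allowCredentials || [];
  if (allow.length === 0) {
    // Without credential IDs the authenticator must look the credential up
    // itself, which only a CTAP2 discoverable credential supports.
    blockers.push("empty allowCredentials (discoverable credential lookup)");
  }
  if (publicKey.userVerification === "required") {
    blockers.push("user verification required");
  }
  return blockers;
}

function report(kind, publicKey) {
  const blockers =
    kind === "create" ? registrationBlockers(publicKey) : assertionBlockers(publicKey);
  return { u2fFallbackPossible: blockers.length === 0, blockers };
}

// Constructed sample: second-factor login after username and password.
const secondFactorGet = {
  challenge: new Uint8Array(32),
  rpId: "vault.example",
  allowCredentials: [{ type: "public-key", id: new Uint8Array([1, 2, 3, 4]) }],
  userVerification: "discouraged",
};

// Constructed sample: passwordless login with a discoverable credential and PIN.
const passwordlessGet = {
  challenge: new Uint8Array(32),
  rpId: "vault.example",
  allowCredentials: [],
  userVerification: "required",
};

// Constructed sample: registering a discoverable credential.
const discoverableCreate = {
  pubKeyCredParams: [
    { type: "public-key", alg: COSE_ES256 },
    { type: "public-key", alg: COSE_RS256 },
  ],
  authenticatorSelection: { residentKey: "required", userVerification: "preferred" },
};

const samples = [
  ["get", "second factor", secondFactorGet],
  ["get", "passwordless", passwordlessGet],
  ["create", "discoverable registration", discoverableCreate],
];
for (const [kind, label, options] of samples) {
  const result = report(kind, options);
  console.log(label, result.u2fFallbackPossible ? "U2F fallback possible" : result.blockers);
}
```

Running the check on the options a site actually sends shows whether an authenticator with only the FIDO U2F interface enabled could answer the request.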

@phil-w commented on GitHub (Jul 8, 2023):

Same NotAllowedError from the Bitwarden app.

I'd add that if I use my same default browser (Brave) to access the Bitwarden website itself from Android 13, the FIDO2 2FA also fails in the same way. => I can't use Bitwarden with 2fa via Android, although it works fine from Windows.

@AlmAck commented on GitHub (Jul 10, 2023):

Exact same problem. On Android (Pixel 5) it was working just fine; I had to change the KDF iteration and after that I can't log in anymore with the NFC key on my phone. I also tried to use Firefox, switch network, reinstall... still nothing. On desktop Linux it works fine.
Android: 13
Bitwarden app: 2023.5.0

EDIT:
I fixed my problem by removing the FIDO key as 2 factor authentication and adding it back. My FIDO was marked as (migrated) in the vault configuration panel, that could be the issue.
I got the idea from this issue: https://github.com/bitwarden/clients/issues/2803

@smury commented on GitHub (Jul 24, 2023):

I had the same issue (Android 13, Pixel 6a) and also recently changed my KDF iteration (though I think my keys (Yubico Security key) were already marked as migrated from FIDO before that).
Anyway, @AlmAck's fix worked for me.

@phil-w commented on GitHub (Jul 25, 2023):

As per @AlmAck my keys were marked "migrated" as I'd followed Bitwarden's request to change my "KDF iteration" also. That fix worked for my Android 10 tablet, on which I can now login via browser (Brave, shields up). So at least I can get a password that way.

However... the App still fails as before on my Android 13 phone, and using the same Brave browser also fails there, shields up or down. The symptom is the same - it hangs after the NFC read and if you "back" a few times, you can get back to the web page with the errors in red boxes.

Ah well, so removing then re-adding the keys (a) clears the "migrated" marking, and (b) fixes my Android 10 browser at least. So some progress... that's at least one thing needs to be added to the "increase your KDF Iteration" instructions, which is that once you've done it, you need to remove and re-add all FIDO2 keys or they're "migrated", which means "broken".

@mderazon commented on GitHub (Nov 22, 2023):

Bitwarden TWO-STEP LOGIN FIDO2 WebAuthn screen mentions this warning:

> WARNING
> Due to platform limitations, WebAuthn cannot be used on all Bitwarden applications. You should set up another two-step login provider so that you can access your account when WebAuthn cannot be used. Supported platforms:
>
>   • Web vault and browser extensions on a desktop/laptop with a WebAuthn supported browser (Chrome, Opera, Vivaldi, or Firefox with FIDO U2F turned on).

Does that mean that the feature is not supported in mobile at all?

If I am using this website on the same phone with the same key and same browser it works fine:
https://www.token2.com/tools/fido2-demo

Problem is that since Bitwarden is a critical system for many people, you want to have good security on it, and physical keys are the best security possible.
Without the mobile support, you cannot enable physical only based auth

@fliespl commented on GitHub (Apr 7, 2024):

I just stumbled across this one and failed after 30 minutes to use yubikey 5 nfc. Always reverted to try again screen.

@callit commented on GitHub (Apr 26, 2024):

I was having this problem all day today. I tried a bunch of things, and some combination of the below finally worked. Here's what I did:

  1. Log out of Bitwarden Android app
  2. Clear Bitwarden app data
  3. Set Chrome as your default browser app for the time being
  4. Before you proceed, I recommend setting up a standard 6-digit OTP authenticator in case something goes awry. You can turn it back off when done if you're satisfied.
  5. Using the YubiKey Manager desktop app, disable OTP via NFC as suggested in Bitwarden's troubleshooting document

I believe one of these steps was the actual solution:

  1. I had both YubiKey OTP and WebAuthn enabled - Disable YubiKey OTP completely from your two step settings if you have it enabled
  2. WebAuthn - My YubiKey NFC had a "Migrated from FIDO" note. Remove that and re-add your hardware token.
  3. Open Bitwarden android app and authenticate with your master password, you'll be prompted for your authenticator - the time it worked for me, instead of authenticating right away, I clicked the menu in the upper right corner and selected "Open In Browser" - the page re-opened in Chrome, and I authenticated with NFC there. I held it until the screen said "you're all set". It sent me back to the app which was still waiting for the token, so I hit the authenticate button again, and held the NFC to the back of the phone again.

After all of that, it finally let me through. My suspicion is that it was some combination of the YubiKey OTP being enabled and/or having the "Migrated from FIDO" token, but the double authentication in the last step could have something to do with it as well.

Hopefully this helps someone.


@vvolkgang commented on GitHub (Jun 20, 2024):

Issue migrated to https://github.com/bitwarden/mobile/issues/1594


@mderazon commented on GitHub (Jun 21, 2024):

@vvolkgang downloaded the new beta (native Android app) tried to authenticate with FIDO2 security key and it's still not working. Dialog says:

> And error has occurred.
>
> Invalid verification code

Any way I can DM you a screencast in private? I prefer for some sensitive data not to appear publicly.


@vvolkgang commented on GitHub (Jun 21, 2024):

@mderazon can you open a new ticket please?

Were you able to disable the screen recording protection?

I'll circle back about sharing the video in private.


@mderazon commented on GitHub (Jun 21, 2024):

@vvolkgang sure will open a new ticket in this repo

> Were you able to disable the screen recording protection?

Yes, I was able to record it. I can DM you on the community forum if you tell me your username


@vvolkgang commented on GitHub (Jun 21, 2024):

@mderazon do you have an email I can reach out?


@mderazon commented on GitHub (Jun 21, 2024):

@vvolkgang sent you a DM on the community forum
Created a new issue
https://github.com/bitwarden/android/issues/3334


Reference: github-starred/android#1363