Brave-browser: U2F Fails On vanguard.com
Description
Fail to use U2F authentication with Yubikey on https://personal.vanguard.com/us/AuthLogin.
Steps to Reproduce
- Go to https://investor.vanguard.com/my-account/log-on.
- Login with username/password.
- Try to use Yubikey on next screen as 2FA.
Actual result:
Get error message There was a problem issuing a challenge for this logon. Please use security codes to sign in.
Expected result:
No error message and website uses my Yubikey properly like it used to.
Reproduces how often:
Always.
Brave version (brave://version info)
----------|-------------
Brave | 1.3.115 Chromium: 80.0.3987.87聽(Official Build)聽(64-bit)
Revision | 449cb163497b70dbf98d389f54e38e85d4c59b43-refs/branch-heads/3987@{#801}
OS | Linux
Version/Channel Information:
Stable.
- Can you reproduce this issue with the current release? Yes.
- Can you reproduce this issue with the beta channel? Don't know.
- Can you reproduce this issue with the dev channel? Don't know.
- Can you reproduce this issue with the nightly channel? Don't know.
Other Additional Information:
- Does the issue resolve itself when disabling Brave Shields? No.
- Does the issue resolve itself when disabling Brave Rewards? Don't known.
- Is the issue reproducible on the latest version of Chrome? Yes.
Miscellaneous Information:
linuxluser
All 4 comments
cc: @jumde for triage
bsclifton
on 17 Feb 2020
Probably worth noting that I can use U2F perfectly well on Yubico's test site https://demo.yubico.com/u2f/. Also, I successfully signed into my Google account (which uses the same Yubikey and U2F) in a private Brave window.
So, to my knowledge, the issue seems to be specifically with vanguard.com. I've sent a private message to Vanguard describing my issue and linking to this bug. I'll update here if they come back with anything useful/fix the issue.
linuxluser
on 17 Feb 2020
Vanguard got back to me. Their recommendation was to delete the security key from the account, flush the browser cache, log back in (with security CODE this time) and then re-enroll the security key again. After I did all of this, it started working again. PROBLEM SOLVED!
What I believe happened was that I got caught between their backend system upgrade. Late last year, I got a message that said I had to re-register my security key because they were upgrading their system and improving security. I re-registered my key on Jan 7, 2020, which was just a couple weeks before the deadline. According to their instructions, that should have been sufficient. Apparently it wasn't and my key never got registered with the new system.
Kind of all makes sense now. I probably should have thought to re-register as a first step. I'll close this out. At least others can find this now if they have the same issue.
linuxluser
on 22 Feb 2020
Thanks for following up and letting us know you're solved, @linuxluser 馃槃
bsclifton
on 23 Feb 2020
Related issues
pitsi
路
3Comments
qingxiang-jia
路
3Comments
traffisco
路
3Comments
hollons
路
3Comments
moritzhaller
路
3Comments
Most helpful comment
Vanguard got back to me. Their recommendation was to delete the security key from the account, flush the browser cache, log back in (with security CODE this time) and then re-enroll the security key again. After I did all of this, it started working again. PROBLEM SOLVED!
What I believe happened was that I got caught between their backend system upgrade. Late last year, I got a message that said I had to re-register my security key because they were upgrading their system and improving security. I re-registered my key on Jan 7, 2020, which was just a couple weeks before the deadline. According to their instructions, that should have been sufficient. Apparently it wasn't and my key never got registered with the new system.
Kind of all makes sense now. I probably should have thought to re-register as a first step. I'll close this out. At least others can find this now if they have the same issue.