[tor-project] Broken U2F token in Tor Browser with latest Gitlab update
Georg Koppen
gk at torproject.org
Thu Dec 23 21:35:46 UTC 2021
Hello!
Tor Browser disables by default WebAuthn which has been fine with our
Gitlab instance so far (but does not work so well with our forum) if you
use a token like a Yubikey.
However, this does no longer work with the latest Gitlab update it
seems, which we picked up automatically yesterday:
"""
WebAuthn (supported, but disabled by default, since GitLab 13.4) is now
enabled by default. Users can now use Touch ID on Apple devices as a
second authentication factor, as long as their browser supports it. This
also eliminates error messages seen in browsers that are deprecating U2F
in favor of WebAuthn.
"""
So, if you have such a token enabled (as I do) and suddenly can't log
into our Gitlab anymore you can test your recovery code setup (hehe) and
then finally think about flipping the `security.webauth.webauthn` to
`true` as you would need to do anyway if you want to log into our forum
with your token enabled.
Hope this helps,
Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20211223/b7b9e927/attachment.sig>
More information about the tor-project
mailing list