[Important] Updating the U2F libraries in miniOrange 2FA plugins

Please read this blog if you have configured the YubiKey hardware token (U2F) as a Two Factor Authentication (2FA) method. You can ignore it if you are using any other 2FA method, such as Google Authenticator, OTP over Email, Security Questions, etc.

Chrome is deprecating support for its legacy U2F APIs in February 2022.

In its recent version, Chrome has disabled U2F support by default, so users get a warning message in the Chrome browser whenever they try to use the YubiKey hardware token (U2F).

Google is encouraging all applications to migrate from the U2F APIs to the WebAuthn APIs.

You can read more about this in this blog post by Google and in the Chrome release notes.

To support new Chrome versions, we are rolling out a new version of all our 2FA plugins on 20th December 2021, in which we are migrating from the U2F APIs to the recommended WebAuthn APIs.

Note: The new version will also be compatible with all other browsers.

Yes, existing users will have to configure the hardware token again.

As the new WebAuthn APIs are not fully backward compatible with the U2F API implementation in our plugin, all your users who are currently using U2F hardware tokens (i.e. they have configured their U2F security keys in our 2FA plugin) will have to configure them again.

This will be a one-time configuration and we will make sure to make the reconfiguration steps as easy as possible.

After you update the plugin, existing users will have 2 options:

  1. Continue using 2FA verification with the U2F APIs. They can use this option until Feb 2022 (for as long as Chrome supports U2F).

  2. Reconfigure the 2FA and start using the WebAuthn APIs. This option is recommended. Please note that this is a one-time process. After reconfiguration, WebAuthn will be marked as the default for those users and the 2FA verification process will be the same as before.

All these details will be mentioned in the reconfiguration flow in the plugin so that the end-users don’t get confused.

New users will not be affected.

After the plugin update, the new WebAuthn APIs will be used by default, so all new users will configure their security keys directly using the new APIs.

No.

The USB security keys used for U2F registration are compatible with WebAuthn APIs as well. So users can continue using the same USB keys.

There will be no impact on users who use other 2FA methods.

 

If you face any issues during the migration or need any assistance, please send a query to atlaasiansupport@xecurify.com or reach out to us via our Customer Portal.