FIDO Registration Passwordless - When the page focus is removed from verifying user presence, registration fails
We are in the process of implementing FIDO for an organization and are currently testing various use cases. I wanted to list two I came across and was hoping someone can provide more clarity on the behaviour by explaining this to me or pointing me to some links to read more about it (did some digging but have not seen any good explanations yet :))
1. User logs into aka.ms/mysecurityinfo
2. Select to register security key
3. User is asked to enter a PIN or create a new PIN if he has not already
4. User is asked to touch the key to verify presence
On step 4, if I click on another page or click on my open Excel/Word document so that the screen focus is now on this new page, and proceed to touch my FIDO key to verify user presence, I get an error message saying I am using a private browser session and my key is not registered.
This happens all the time and I was wondering why this happens or if it's a bug?
The expected behaviour for bad PIN attempts is that after 4 bad PIN inputs the user is asked to remove and reinsert their key. They have another 4 attempts after this.
I have noticed that if I enter 3 bad inputs and proceed to enter the right PIN on my 4th attempt, I am still not allowed to log in. I get "too many incorrect PIN attempts" and am told to remove and reinsert your PIN.
Wanted to know if this is expected and can be changed or a limitation of the protocol?
I realize this is an old question, but I wanted to check if you are still having this issue? If so, would you be able to share a screenshot of the message you receive?