A bug in the sign in with Security Key option for M365

Occasional Visitor

1. Register a pair of keys in M365.

2. On a PC you are presented with an option to sign in with a security key!

3. On a MAC you are presented with an option to sign in with a security key!

4. On ChromeOS you are not presented with that option.

 

ChromeOS supports FIDO2 and it works on many other sites.  It is only M365 that has this issue.  As a Partner I reached out to Microsoft support, who said Microsoft has dropped all support for ChromeOS.  I do not expect to run Word on a Chromebook, but I can run the web version of any of Microsoft tools on a Chromebook.  Why then, can I not have the same level of security on my account that I could if I was accessing the site on a PC or Mac?

 

Microsoft should fix this bug if they really care about security of their customer's accounts, no matter how they access the site.

   

2 Replies

@TrustSDS_Dave 

 

I can reproduce this issue.

I can use the same FIDO key as a second factor to sign into Chrome, as well as to sign into Office365 portal etc. This works fine when I view the Microsoft sign in page from a Windows machine (even in a Chrome browser), but from the Chrome OS when I select "Use a security key" under the Verify your identity prompt the page never loads. Using a code from the authenticator does work.

@TrustSDS_Dave 

 

I have notice a bug in the sign-in form using MacOS with Chrome to sign-in to Office365 with Yubi 5C USB-C key. 

When prompt to login, only options provided are username, password, reset password, sign in with another account. 

Refreshing doesn't change anything

Touch activating the security key, trigger string to be entered in the password field and failed login attempt.  The second sign-in prompt is different and display an option for security key login. 

So to login with a security key, it is required to failed a first attempt to login, to be given the choice to select security key.  Why is not always displayed as an option in every sign-in forms accros the platform?