cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

A bug in the sign in with Security Key option for M365

TrustSDS_Dave
Copper Contributor

‎Oct 21 2021 05:15 PM - last edited on ‎Nov 02 2021 05:26 PM by

‎Oct 21 2021 05:15 PM - last edited on ‎Nov 02 2021 05:26 PM by

A bug in the sign in with Security Key option for M365

1. Register a pair of keys in M365.

2. On a PC you are presented with an option to sign in with a security key!

3. On a MAC you are presented with an option to sign in with a security key!

4. On ChromeOS you are not presented with that option.

 

ChromeOS supports FIDO2 and it works on many other sites.  It is only M365 that has this issue.  As a Partner I reached out to Microsoft support, who said Microsoft has dropped all support for ChromeOS.  I do not expect to run Word on a Chromebook, but I can run the web version of any of Microsoft tools on a Chromebook.  Why then, can I not have the same level of security on my account that I could if I was accessing the site on a PC or Mac?

 

Microsoft should fix this bug if they really care about security of their customer's accounts, no matter how they access the site.

   

3,674 Views
0 Likes
3 Replies
Reply
3 Replies
jefframage

‎Dec 01 2021 07:09 AM

‎Dec 01 2021 07:09 AM

Re: A bug in the sign in with Security Key option for M365

@TrustSDS_Dave 

 

I can reproduce this issue.

I can use the same FIDO key as a second factor to sign into Chrome, as well as to sign into Office365 portal etc. This works fine when I view the Microsoft sign in page from a Windows machine (even in a Chrome browser), but from the Chrome OS when I select "Use a security key" under the Verify your identity prompt the page never loads. Using a code from the authenticator does work.

0 Likes
Reply
ocontant_vosker

‎Mar 18 2022 11:36 PM

‎Mar 18 2022 11:36 PM

Re: A bug in the sign in with Security Key option for M365

@TrustSDS_Dave 

 

I have notice a bug in the sign-in form using MacOS with Chrome to sign-in to Office365 with Yubi 5C USB-C key. 

When prompt to login, only options provided are username, password, reset password, sign in with another account. 

Refreshing doesn't change anything

Touch activating the security key, trigger string to be entered in the password field and failed login attempt.  The second sign-in prompt is different and display an option for security key login. 

So to login with a security key, it is required to failed a first attempt to login, to be given the choice to select security key.  Why is not always displayed as an option in every sign-in forms accros the platform?


1 Like
Reply