@xander.fyi.bsky.social
Beep boop
Also, the only ways to reset the keys are with Google Chrome (which is terrible) or in Windows (which, depending on who you ask, is also fairly terrible).
12.12.2025 01:07 β π 0 π 0 π¬ 0 π 0Oh, cool, so if you set a PIN on the key then Google forces you to enter that PIN to enroll any more stuff onto it even if you're trying to enrol for U2F (in Firefox, where it otherwise lets you). And you can't remove a PIN once set, just change it or completely reset the key.
12.12.2025 01:06 β π 0 π 0 π¬ 1 π 0Enrolling on mobile Brave over NFC, which only works if you have Brave's own autofill service switched on, lets me use that key to log in on Brave with either NFC on the same Brave setup or USB on desktop over USB... but not over USB on Brave. For that, a whole separate key needs enrolled over USB!
12.12.2025 01:01 β π 0 π 0 π¬ 1 π 0I'm trying very hard to see a use case for physical security keys that doesn't seem less secure than a password alongside TOTP authenticator code generator. I am struggling to identify one other than for individuals who are more likely to be vulnerable to phishing.
12.12.2025 00:23 β π 0 π 0 π¬ 1 π 0And don't even get me started on NFC. Both on stock Android and GrapheneOS, it's a catastrophe: the implementation requires Google Play Services, which usually crashes, and almost never shows any errors to tell you anything is wrong so sometimes the crashes are just inexplicably silent.
12.12.2025 00:21 β π 0 π 0 π¬ 1 π 0Proton let me enrol a PINless key in U2F mode but when I try to use it on mobile it forces me to set a PIN (so, we're suddenly in FIDO2 again for no apparent reason). But both before and after setting PIN, it works on desktop Firefox without ever asking for a PIN. WHAT THE FUCK IS GOING ON
12.12.2025 00:19 β π 0 π 0 π¬ 1 π 0Bitwarden let me enrol in U2F mode on Firefox but when I tried to actually use it on any device/browser, it errored out.
Then I tried setting a PIN on the key beforehand, but that automatically enabled "log in with passkey" (when I just wanted 2FA).
Enrolling in Safari worked (unlike Google). π«©
I can seemingly enrol a physical security key on a Google account in FIDO U2F mode only in certain browsers e.g. Firefox. If I try to enrol in Chrome, for example, it forces me to enter a PIN, indicating FIDO2 mode, even though I have "bypass password when possible" switched off.
12.12.2025 00:15 β π 0 π 0 π¬ 1 π 0FIDO is a bit of a big ol' shitshow just now, eh?
Providers behave differently from one another and even differently from one device/program combo to another. It's mental.
Screenshot showing that the very first person I followed on BlueSky is the now-thoroughly-cancelled alleged sex pest, Neil Gaiman
Signs it's been a while since I've been on BlueSky include:
10.11.2025 06:05 β π 0 π 0 π¬ 0 π 0
Idiot wearing a Ghostwatch tshirt under a jacket so only the letters 'twat' are revealed.
Never wear a Ghostwatch tshirt under a jacket
01.11.2024 13:11 β π 2658 π 414 π¬ 63 π 20
Switched to Safari. Works there. Hahah fucking hell.
14.03.2024 21:34 β π 1 π 0 π¬ 0 π 0I saw that image corruption in the preview window and figured, "How appropriate, BlueSky is broken too, ha ha".
Posted anyway, and it's actually like that in the final post, not just the preview. Incredible.
JavaScript error in Proton Mail desktop app for macOS (just declared to be out of beta today)
As a wee babby software engineer, I sometimes feel like I'm never going to feel competent no matter what I do. Luckily, Proton is here to make me feel better.
14.03.2024 21:30 β π 5 π 0 π¬ 1 π 0
