Adding WebAuthn Security key fails with "Authentication failed"

Hi @Niyah_Atkins! After step 5, did you have the pop-up window asking you where to save the key? Maybe your browser blocks the pop-up? I got the “Authentication failed” error when I clicked Cancel when the browser asked me where to save the key.

You MUST manually set a device PIN via Yubico Authenticator. Crowdin still does not support the pin-less U2F method.

Firefox seems to not support websites requesting the mode used by Crowdin with devices that don’t have a pin set.

Nope.

Maybe. But the pop-up doesn’t appear even when I use Private Mode (meaning no cache or browser extensions). If the problem is with the browser itself, I strongly urge the developers to ensure that the site works properly with Firefox. I use this USB-key on other websites, and they generally work flawlessly in Firefox.

Firefox does not support FIDO2 residual keys on hardware tokens that don’t have a device PIN set. It just silently fails.

Crowdin should use the U2F part of the spec, which does not require setting a device PIN, and does not store information on the hardware token.

Instead, currently Crowdin uses Passkeys, which do store credentials on the key and REQUIRE a device PIN, even if the user only wants a second factor auth.
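The difference the post above draws between a passkey request and a U2F-style second-factor request comes down to two fields of the registration options. The following is an added example, not code from this thread or from Crowdin; both option objects are constructed and `analyzeCreationOptions` is a hypothetical helper name.

```javascript
// Added example. Field names and defaults follow the WebAuthn Level 2 spec.
// Both option objects below are constructed, not captured from Crowdin.
const passkeyStyle = {
  authenticatorSelection: { residentKey: "required", userVerification: "required" },
};
const secondFactorStyle = {
  authenticatorSelection: { residentKey: "discouraged", userVerification: "discouraged" },
};

// Resolve residentKey, honouring the legacy requireResidentKey boolean.
function effectiveResidentKey(sel) {
  if (sel.residentKey) return sel.residentKey;
  return sel.requireResidentKey ? "required" : "discouraged";
}

// Hypothetical helper: summarise what a registration request asks of the token.
function analyzeCreationOptions(publicKey) {
  const sel = publicKey.authenticatorSelection || {};
  const residentKey = effectiveResidentKey(sel);
  const userVerification = sel.userVerification || "preferred"; // spec default
  const flags = [];
  if (residentKey !== "discouraged")
    flags.push(`residentKey=${residentKey}: credential may be stored on the token`);
  if (userVerification === "required")
    flags.push("userVerification=required: token must verify the user (PIN or biometric)");
  return {
    residentKey,
    userVerification,
    // A server-side credential with no mandatory user verification is the
    // U2F-style flow: nothing is stored on the token and a key without a
    // PIN can satisfy the request.
    u2fStyle: residentKey === "discouraged" && userVerification !== "required",
    flags,
  };
}

console.log(analyzeCreationOptions(passkeyStyle));
console.log(analyzeCreationOptions(secondFactorStyle));
```

In the browser, the object to inspect is the `publicKey` member passed to `navigator.credentials.create()`.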

Hi @Niyah_Atkins, could you please try in another browser like Chrome? Please try and let us know if it worked in Chrome

(Google Chrome 143.0.7499.41) A request to select an authorization method appears:

Choose where to save your passkey for accounts.crowdin.com
• Google Password Manager
• Use a phone, tablet, or security key

After selecting the second option, the usual prompt to touch the key contact appears. After this action, the prompt pop-up closes, and the error message “Authentication failed” is displayed.


My previous post in this thread was a link to this bug on Bugzilla@Mozilla (the Firefox bug tracker), asking for a vote on whether to fix it. The post was not approved for publication, even though it would have been a way to solve Crowdin’s problem without having to do any work ourselves. What was your reasoning behind blocking this link from being published?

Hello,

If the “Authentication failed” error appears immediately (before you even get the prompt to touch your key), it often indicates that the browser or a specific setting is blocking the WebAuthn request entirely.

While you test with Chrome, here are a few things to check:

  1. Extensions: Privacy extensions (like Privacy Badger, uBlock, or NoScript) can sometimes block the scripts required for the security key handshake. Try running Incognito mode or temporarily disabling extensions.

  2. Console Errors: If you open Developer Tools and check the Console tab while clicking “Register Security Key,” do you see any specific error names (e.g., NotAllowedError, SecurityError, or DOMException)? And in the Network tab, do you see what the response code is for the failed request (e.g., is it a 422 Unprocessable Entity or a 400 Bad Request)?

  3. Config Flags: If you have modified advanced settings (like privacy.resistFingerprinting in about:config), this can break WebAuthn functionality.

Just for confirmation, does your security key currently have a PIN set up? Most likely, it happens because Crowdin expects a PIN (User Verification), but the key doesn’t provide it, or there is a mismatch in the “Resident Key” settings. This information will help our engineering team pinpoint if the issue is the missing PIN or a stricter FIDO2 requirement on our end.

As for the post being rejected, I sincerely apologize for the frustration there. Most likely, the automated filter flagged the post because it contained an external link from a relatively new account. This is a standard safety setting to prevent spam bot attacks and keep the Community focused on Crowdin-specific topics and questions.

It sounds like you’ve tried all the typical troubleshooting steps, which makes the authentication failure even more frustrating. Sometimes clearing saved credentials or trying a different security key profile can help isolate the issue.

Hopefully the Crowdin team can pinpoint whether it’s a configuration glitch or an integration edge case causing this.

Hi Jason,

Given the information you’ve provided, it appears that the issue might be related to the browser’s handling of WebAuthn requests, so it might be worth checking if there are any console errors or network responses that could give us more insight into the problem.

Additionally, please confirm whether your security key has a PIN set up, as this could also be a factor in the authentication failure.