no luck with samsung, including the s25 (I have not tested since the april security patch) but yubikeys do not work well on samsung devices, my intent was to lock down my google account by putting the passkey on the yubikey, and I hoped, using NFC. NFC is out completely, but I can't get it to work via USB either, I need to disable TOTP for it to possibly work, I have not tried that yet. For now everything has to go into a password manager and/or authenticator app:
I bought 4 keys to have backups and one for my spouse, and I can't even use them as I expected to be able to do, based on the documentation.
from yubikey support:
I can understand your concern and frustration with attempting to get Samsung devices with FIDO2 that google and many financial accounts use. There are several reasons why you are encountering problems and they are all due to the design and implementation of Samsung and Android. To start with, we have noticed some FIDO2(aka passkey) flows with Samsung will fail if you have the Yubico OTP enabled. You would need to disable the Yubico OTP and this will allow it to function, in our test cases. We have informed Samsung as it is appears they will need to do a firmware update to fix this issue. You can find the specifics in this documentation found here:
The second issue is more general and specific to Android, first, Passkeys will only work via USB. This is due to NFC not being supported for Passkeys at this time. On top of this there are other issues with Android we have noticed, and some of them have work arounds and some do not. You can find out more information about this here:
For Android device try to disable fido2 on the NFC interface with yubikey manager. Leave only u2f. When you will register the key, Google will register it like a legacy u2f fido1 key. I have done this on my yubikey fido2 USB -A and it is working fine.
While I have played with Token2 hardware tokens in the past, I haven't used there NFC cards. I will say that I was impressed with Token2 in general (hardware, customer support, etc).
I want to use NFC cards more. On the iPhone, it is the way to go. The thing that holds me back is the lack of laptops with built in NFC readers. If my Macbook Air had a NFC reader, I'd switch pretty quickly. NFC cards, with a laptop with built in NFC, is the ultimate in portablity.
You can use a USB NFC card reader, but that just add an extra thing to carry around. In my opinion, the USB NFC readers I've used are not very well made and likely to get crushed/broken.
Another issues is that the cards hold less keys. This might not be an issue if you only need to access a handful of sites on your phone, but as a daily driver, that won't work.
I really want to get one for my iPhone due to its portability for travel (might put it on a MagSafe Wallet or in between the phone and case), and yes I will eventually get a Security with USB Connection but the Card's form factor is such a good aspect for my EDC (Everyday Carry) use.
no luck with samsung, including the s25 (I have not tested since the april security patch) but yubikeys do not work well on samsung devices, my intent was to lock down my google account by putting the passkey on the yubikey, and I hoped, using NFC. NFC is out completely, but I can't get it to work via USB either, I need to disable TOTP for it to possibly work, I have not tried that yet. For now everything has to go into a password manager and/or authenticator app:
I bought 4 keys to have backups and one for my spouse, and I can't even use them as I expected to be able to do, based on the documentation.
from yubikey support:
I can understand your concern and frustration with attempting to get Samsung devices with FIDO2 that google and many financial accounts use. There are several reasons why you are encountering problems and they are all due to the design and implementation of Samsung and Android. To start with, we have noticed some FIDO2(aka passkey) flows with Samsung will fail if you have the Yubico OTP enabled. You would need to disable the Yubico OTP and this will allow it to function, in our test cases. We have informed Samsung as it is appears they will need to do a firmware update to fix this issue. You can find the specifics in this documentation found here:
https://support.yubico.com/hc/en-us/articles/18801283920156-FIDO-issues-on-Samsung-devices
The second issue is more general and specific to Android, first, Passkeys will only work via USB. This is due to NFC not being supported for Passkeys at this time. On top of this there are other issues with Android we have noticed, and some of them have work arounds and some do not. You can find out more information about this here:
https://support.yubico.com/hc/en-us/articles/17865198749852-Android-known-issues-with-FIDO2
For Android device try to disable fido2 on the NFC interface with yubikey manager. Leave only u2f. When you will register the key, Google will register it like a legacy u2f fido1 key. I have done this on my yubikey fido2 USB -A and it is working fine.
While I have played with Token2 hardware tokens in the past, I haven't used there NFC cards. I will say that I was impressed with Token2 in general (hardware, customer support, etc).
I want to use NFC cards more. On the iPhone, it is the way to go. The thing that holds me back is the lack of laptops with built in NFC readers. If my Macbook Air had a NFC reader, I'd switch pretty quickly. NFC cards, with a laptop with built in NFC, is the ultimate in portablity.
You can use a USB NFC card reader, but that just add an extra thing to carry around. In my opinion, the USB NFC readers I've used are not very well made and likely to get crushed/broken.
Another issues is that the cards hold less keys. This might not be an issue if you only need to access a handful of sites on your phone, but as a daily driver, that won't work.
Hope this helps and good luck.
What do you think of Token2's NFC Security Cards?
I really want to get one for my iPhone due to its portability for travel (might put it on a MagSafe Wallet or in between the phone and case), and yes I will eventually get a Security with USB Connection but the Card's form factor is such a good aspect for my EDC (Everyday Carry) use.
Thanks!
Well written and researched. Thanks, Champ!
Thanks Steve!!!