Chrome is deprecating and removing the legacy U2F API for interacting with hardware security keys. The U2F API is superseded by the Web Authentication API (WebAuthn) that has multiple advantages, including widespread support of the technology across major browsers (Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari) and offers a better UI experience. In order to continue supporting two-step verification with USB security keys, Bitbucket Cloud is upgrading to WebAuthn. The transition is designed to be seamless and require no action from the user, meaning that all existing security keys will continue to work.
WebAuthn will be used for security key two-step verification and registration. Credentials that were originally registered via the U2F API will continue to work and no additional action is required. USB security keys that are supported by the U2F API are also supported by the WebAuthn API.
WebAuthn provides a better user experience in Google Chrome and presents a dialog window for every request. You can interact with your security key as soon as the following dialog is displayed:
All registered security keys are expected to work with WebAuthn. However, if you experience any problems, follow the steps below:
Select the Refresh button or reload the page and try interacting with the security key again.
If you still cannot log in, select the Don’t have a key? link and use an alternative method of two-step verification (TOTP or a recovery code).
If alternative methods of two-step verification are not available, try logging in with the security key using a different web browser, such as Mozilla Firefox.
Marina Sergeeva
0 comments