End user troubleshooting FIDO2 security key verification issues

Intended audience: End users

Use this topic to troubleshoot why you can't register a FIDO2 device or why you aren't able to use a FIDO2 device for two-factor authentication.

Note

FIDO2 authenticators can be external security keys or can be built into devices like phones and laptops. In this topic, the term device means either a device or a security key.

This table lists issues that can occur when registering a FIDO2 security key, and their solutions.

Reason

Description and solution

Security key not supported

Make sure you have a security key that supports FIDO2.

Solution: Use a FIDO2 security key. For example:

  • YubiKey 5 Series or later

  • ATKey.Card

Requires PIN verification

Your administrator has turned on a setting to require user verification (PIN) when using a FIDO2 security key.

In this case, certain operating systems and browsers are not supported when used together. For example, an operating system could be Mac OS version 10.x on a desktop, laptop, or server.

PIN verification with a security key is not supported on:

  • Mac OS version 10.x with Firefox

  • Mac OS version 10.x with Apple Safari

  • Linux with Firefox

  • Android mobile device

  • iOS mobile device

Solution: Use a different browser or operating system that supports PIN verification.

Duplicate security key

You received a "We couldn't verify your device." message. It could be due to trying to register a security key that is already registered in the system.

Solution: Register a different FIDO2 security key. Or, use your currently registered FIDO2 security key to log in with two-factor authentication.

Web browser issue

You received a "We couldn't verify your device." message. It could be due to leaving the web browser before completing FIDO2 security key registration.

Solution: Try registering your FIDO2 security key again.

Web server is down

The web server to verify your FIDO2 security key is down.

Solution: Try again later.

This table lists issues that can occur when using a FIDO2 security key for two-factor authentication (2FA), and their solutions.

Reason

Description and solution

Security key not supported

Make sure you have a security key that supports FIDO2.

Solution: Use a FIDO2 security key. For example:

  • YubiKey 5 Series or later

  • ATKey.Card

Security key is not recognized

You received "We couldn't verify your device." and "security key doesn't look familiar" or "found no credentials on this device" messages.

This occurs when using a FIDO2 security key that is not registered in the system.

Solution: Register the FIDO2 security key for use in two-factor authentication.

Requires PIN verification – Browser and operating system not supported

Your administrator has turned on a setting to require user verification (PIN) when using a FIDO2 security key.

In this case, certain web browsers and operating systems are not supported when used together. For example, an operating system could be Mac OS version 10.x on a desktop, laptop, or server.

PIN verification with a security key is not supported on:

  • Mac OS version 10.x with Firefox

  • Mac OS version 10.x with Apple Safari up to 13.1.2

  • Linux with Firefox

  • Android mobile device

  • iOS mobile device

Solution: Use a different browser or operating system that supports PIN verification. Firefox is working to resolve the issue of browser incompatibility.

Requires PIN verification – Security key does not have a PIN

Your administrator has turned on a setting to require user verification (PIN) when using a FIDO2 security key.

PIN verification with your security key doesn't work because the security key was registered without a PIN before the administrator turned on this PIN setting.

Solution: Re-register your FIDO2 security key with a PIN using the registration URL provided by your administrator.

Requires PIN verification – Security key not supported

Your administrator has turned on a setting to require user verification (PIN) when using a FIDO2 security key.

The security key was registered before the administrator turned on this PIN setting, and that security key does not support PIN verification.

Solution: Register a different FIDO2 security key, like YubiKey 5 Series or later.

Request timed out

You received "We couldn't verify your device." and "request timed out" messages.

This occurs when you take too long to respond to two-factor verification with a FIDO2 security key.

Solution: Try two-factor authentication again.

Web browser issue

You received a "We couldn't verify your device." message.

It could be due to leaving the web browser before completing two-factor authentication with a FIDO2 security key.

Solution: Try two-factor authentication again.

Web server is down

The web server to verify your FIDO2 security key is down.

Solution: Try again later.