According to GitHub employee, Microsoft made changes to WebAuthn for GitHub in such a way that at one point they wanted to detect Pirated Windows copies and show browser doesn’t support security keys message to users when they try to login to their website using 2FA with security keys, apparently the message showed to all, including Firefox users.
What happened?
Yesterday when Firefox users tried to log in to GitHub website using 2FA with Yubi security key, users received “this browser doesn’t support security keys message”. The website confusingly asks to update to latest Chrome to use security keys on GitHub.
The issue has gained traction on Reddit and an alleged Github employee Clarkbw, who worked previously at Mozilla as Product Manager for Developer tools said, the Firefox browser doesn’t support security keys and we’re happy users got it worked till now somehow, now with changes made to GitHub for Webauthn, the issue occurred.
Clarkbw further said a temporary fix will be rolled out and reveals this actually intended to target Pirated Windows.
So why to show update to Chrome message? Does that mean Chrome users running non-genuine Windows copies bypass this when they use security keys for 2FA on Github? Then what about Skype for Web unsupported message for Firefox, is that aimed at users running Pirated Windows as well?