Archives December 2020

Viscosity VPN: set a static hostname on macOS 11.1 (Big Sur)

Each time I use the Viscosity VPN client on macOS 11.1 (Big Sur) to establish an OpenVPN connection, the hostname displayed in a new macOS Terminal session would change from my computer name (e.g. “user@trogdor”) to the reverse lookup hostname of my VPN IP address (e.g. “user@ip-10-2-3-4”).

Suppose I always wanted my hostname to be “trogdor”. I ran the following command in a Terminal session to set a permanent hostname that does NOT seem to change when I connect to the VPN.

scutil --set HostName trogdor

Huge thank you to Chris Searle for posting this same solution for OSX Lion and Mountain Lion! I assume that means this solution would also work for all macOS versions between 10.7 and 11.1:

  • OSX 10.7: “Lion”
  • OSX 10.8: “Mountain Lion”
  • OSX 10.9: “Mavericks”
  • OSX 10.10: “Yosemite”
  • OSX 10.11: “El Capitan”
  • macOS 10.12: “Sierra”
  • macOS 10.13: “High Sierra”
  • macOS 10.14: “Mojave”
  • macOS 10.15: “Catalina”
  • macOS 11.0: “Big Sur”
  • macOS 11.1: “Big Sur”

Did this help you out? Do you have more info to share? Please reply below! I’d love to hear from you.

State of U2F in December 2020

NOTE: This is an updated version of my original article: “State of U2F in May 2019” (18 months ago)

I am attempting to register physical USB keys with various online accounts in an attempt to improve my online security.

I purchased multiple YubiKey keys (YubiKey 5C and YubiKey 5C Nano) with the intent to register at least two keys with each of my supported online accounts so that I have a backup in case my primary key is lost or stolen. I have access to additional YubiKey keys for testing, so I will attempt to register at least 3 keys with each service.

Before you begin, consider using YubiKey Manager to disable all interfaces except “FIDO U2F” and “FIDO2” on each key. I manually labeled each of my keys as “U2F NNNN”, though it is unclear which sites are using older FIDO1 (FIDO U2F) and which sites are using newer FIDO2. The “OTP” interface is similar to Google Authenticator [1] and could leak your identity [2]. Disabling OTP will prevent YubiKey from typing a string every time you tap the YubiKey button. Only enable the interfaces you intend to use.
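The same audit can be scripted with the YubiKey Manager command line tool (ykman). The following is an added example, not part of the original article or Yubico's own code: it reads `ykman info` output and prints the `ykman config usb` command that would leave only FIDO U2F and FIDO2 enabled. The helper name `plan_disable` is hypothetical, and the sample output is constructed, assuming the single-column application table shown for USB-only keys.

```shell
#!/bin/sh
# Added example: read `ykman info` output and build the `ykman config usb`
# command that leaves only FIDO U2F and FIDO2 enabled on the key.

# Constructed sample in the layout `ykman info` prints for a USB-only key
# (not captured from a real device; serial number is a placeholder).
SAMPLE_INFO='Device type: YubiKey 5C
Serial number: 00000000
Firmware version: 5.2.4
Enabled USB interfaces: OTP, FIDO, CCID

Applications
OTP       Enabled
FIDO U2F  Enabled
OpenPGP   Enabled
PIV       Enabled
OATH      Enabled
FIDO2     Enabled'

# plan_disable (hypothetical helper): reads `ykman info` text on stdin and
# prints the command to review and run, or nothing if no change is needed.
plan_disable() {
  awk '
    /^Applications/ { in_apps = 1; next }
    # Application rows: name, then the USB status as the first status column.
    in_apps && match($0, /[ \t]+(Enabled|Disabled|Not available)/) {
      name = substr($0, 1, RSTART - 1)
      status = substr($0, RSTART)
      sub(/^[ \t]+/, "", status)
      if (status !~ /^Enabled/) next                       # already off over USB
      if (name == "FIDO U2F" || name == "FIDO2") next      # keep the FIDO apps
      if (name == "YubiHSM Auth") name = "HSMAUTH"         # CLI name differs
      gsub(/[ \t]/, "", name)
      args = args " --disable " toupper(name)
    }
    END { if (args != "") print "ykman config usb" args }
  '
}

# Show the plan for the constructed sample; on a real key: ykman info | plan_disable
printf '%s\n' "$SAMPLE_INFO" | plan_disable
```

The function only prints the command, so it can be reviewed before it is run against a key.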

Here is a summary of my experience with each online provider. Each browser test was performed on macOS 11.1 (Big Sur) on Apple Silicon M1 with the latest versions of the Brave (1.2.40 88.0.4315.5), Firefox (84.0), and Safari (14.0.2) 64-bit browsers. I am able to register keys to my accounts and authenticate to my accounts using Brave, Firefox, and Safari. All 3 browsers appear to have built-in support for “WebAuthn” and/or “U2F”.

Google (Apps, Cloud)

Key Limit: Multiple (6+) — Successfully registered 6 different U2F keys
Supported Browsers:
• Brave (1.2.40 88.0.4315.5) on macOS 11.1 (Big Sur) – M1 Intel/Rosetta 2
• Firefox (84.0) on macOS 11.1 (Big Sur) – M1 Universal App
• Safari (14.0.2) on macOS 11.1 (Big Sur) – M1 Universal App

GitHub

Key Limit: Multiple (6+) — Successfully registered 6 different U2F keys
Supported Browsers:
• Brave (1.2.40 88.0.4315.5) on macOS 11.1 (Big Sur) – M1 Intel/Rosetta 2
• Firefox (84.0) on macOS 11.1 (Big Sur) – M1 Universal App
• Safari (14.0.2) on macOS 11.1 (Big Sur) – M1 Universal App

Facebook

Key Limit: Multiple (6+) — Successfully registered 6 different U2F keys
Supported Browsers:
• Brave (1.2.40 88.0.4315.5) on macOS 11.1 (Big Sur) – M1 Intel/Rosetta 2
• Firefox (84.0) on macOS 11.1 (Big Sur) – M1 Universal App
Unsupported Browser:
• Safari (14.0.2) on macOS 11.1 (Big Sur) – M1 Universal App (fallback to OTP authenticator code)

WordPress (via Plugin)

Key Limit: Multiple (6+) — Successfully registered 6 different U2F keys
Supported Browsers:
• Brave (1.2.40 88.0.4315.5) on macOS 11.1 (Big Sur) – M1 Intel/Rosetta 2
• Firefox (84.0) on macOS 11.1 (Big Sur) – M1 Universal App
• Safari (14.0.2) on macOS 11.1 (Big Sur) – M1 Universal App

NameCheap

Key Limit: Multiple (6+) — Successfully registered 6 different U2F keys
Supported Browsers:
• Brave (1.2.40 88.0.4315.5) on macOS 11.1 (Big Sur) – M1 Intel/Rosetta 2
• Firefox (84.0) on macOS 11.1 (Big Sur) – M1 Universal App
• Safari (14.0.2) on macOS 11.1 (Big Sur) – M1 Universal App

Amazon Web Services (AWS)

Key Limit: ONE (1) — Simple On/Off toggle for 2FA. Must choose either OTP or U2F. Cannot enable both simultaneously. Unable to Register Multiple U2F Keys [3]
Supported Browsers:
• Brave (1.2.40 88.0.4315.5) on macOS 11.1 (Big Sur) – M1 Intel/Rosetta 2
• Firefox (84.0) on macOS 11.1 (Big Sur) – M1 Universal App
Unsupported Browsers:
• Safari (14.0.2) on macOS 11.1 (Big Sur) – M1 Universal App

Twitter

Key Limit: ONE (1) — Simple On/Off toggle for U2F. Unable to Register Multiple U2F Keys. Can enable OTP and U2F simultaneously.
Supported Browsers:
• Brave (1.2.40 88.0.4315.5) on macOS 11.1 (Big Sur) – M1 Intel/Rosetta 2
• Firefox (84.0) on macOS 11.1 (Big Sur) – M1 Universal App
• Safari (14.0.2) on macOS 11.1 (Big Sur) – M1 Universal App

No Support for U2F or FIDO2

LinkedIn – The only supported verification methods are SMS and OTP (Authenticator App) as of 12/2020
MailChimp – The only supported verification methods are SMS and OTP (Authenticator App) as of 12/2020
Slack – The only supported verification methods are SMS and OTP (Authenticator App) as of 12/2020.

References

[1] Medium: The Unofficial FIDO U2F FAQ
[2] Hacker Noon: Avoid Leaking Your Identity with YubiKey
[3] AWS: Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication (comments confirm only one U2F device is supported per login)