more and more companies introduce 2FA. Now it is able to work with Chrome that supports Touch ID on Macs, but still not available in Firefox.

I'd like to echo blackswanny's comment. This was the very reason why after being a happy Firefox user since forever I switched to Chrome a few months ago. (This morning I had a lucidity moment and came back to my beloved Firefox) When working at a company using 2FA, having the slickest sign in experience seems a very valid motivation to choose a browser over another one. SoftU2F would not be valid from a security perspective for most companies deploying 2FA. I currently compensate by using a Yubikey, which seems very awkward when you have a builtin device integrated directly on you laptop.

I have implemented FIDO2/WebAuthN for a popular SAML SSO solution. It is mighty ANNOYING that TouchID as a FIDO2/WebAuthN device works with pretty much every browser except Firefox.

if this feature is not implemented, Firefox may loose all corporate clients. Which with Covid may be a bug number. More and more use 2FA with tokens, keys and Touch IDs

This is currently listed as a P4 priority, what would it take to change that priority? I note that https://bugzilla.mozilla.org/show_bug.cgi?id=1530370 is listed as P3. Maybe there's someone else who could work on this? I've been watching this ticket for over a year, really disappointed that we can't make progress.

I'm also curious as to whether this could be made a priority. Are there any huge blockers here or is it just a matter of someone with a working build environment from putting in the time?

The issue with SoftU2F iiuc is that it had to fake a USB HID device at the OS level and thus would require a significant rewrite to be compatible with Apple's new mechanism for extending such things. Apparently it's required disabling SIP for quite some time before that, which wasn't exactly that great of an idea or terribly user-friendly either.

Chrome, by adding direct support for it instead of making users mess around with fake hardware, was able to use much simpler public macOS APIs to store the private keys in the secure enclave and then does the rest itself: https://bugs.chromium.org/p/chromium/issues/detail?id=678128 Sounds like Firefox already has (or had?) a basic Soft Token implementation working already (https://bugzilla.mozilla.org/show_bug.cgi?id=1529973) — could it be polished up for end-users and extended to work with Touch ID?

At least from a user perspective, Firefox not supporting TouchID is breaking the macOS UX on macbook. It's super convenient to use TouchID to unlock the system but also when any admin access is required (even Terminal and sudo are supporting TouchID).
Also it would be great to automatically use TouchID as the default Master Password.

Chrome supports this. I had to go back to YubiKeys when I switched to Firefox. I miss just touching the keyboard to auth.

FWIW I tried to switch back from Chrome to Firefox today and instantly had to give up when I realized this wasn't supported.

+1; this feature would really help me, as my university requires 2FA. On my iPhone, Face ID now works to replace our current standard method of 2FA (Duo Push/SMS), and I so wish that I could use Touch ID on my Mac.

When signing into Cloudflare, it would be nice to have TouchID supported; right now I'm asked to enter in a security key, which I don't have any. I'll still use Firefox since Cloudflare thankfully supports other 2FA methods.

+1 disappointed that Touch ID doesn't work just on Firefox. I'm required to use one at work and the only thing more annoying than carrying a USB thing around is using another browser. :(

This is another loose end in Firefox relating to cryptography and device attestation on the Web. The latter actually got fixed (ECDSA key storage), so it's clear there's some appetite for improving the current situation.

Allowing users to use TouchID (or FaceID) as available on any other mainstream browser would enable passwordless technology to spread further and enter the mainstream.

If this remains unavailable, then sites looking to offer this option to their users will have no other choice but to provide an alternative, more complex user experience to compensate. Or simply not offer passwordless or 2FA authentication at all.

I can only support the previous comments.
Chromium has had this feature since early 2019.
From a developer's point of view, it's really a drawback, now that the major tools (Github, Cloudflare, AWS...) have U2F support.

+1

I'm baffled that Firefox product management has not picked this up and prioritised it for three years?
Security is (or soon was?) one of the major Firefox differentiator compared to other browsers, and if I were the product manager, anything that simplifies and promotes its use should be P1.
I see all dependent enhancements to make this happen have been downprioritised?
I would urge the triage responsible and the team to raise this issue and put it in the roadmap ASAP!

I am also here because I can't believe Firefox is missing such a fundamental functionality, and want to contribute my voice to those calling for its implementation. Please prioritize this!

You can also use the vote button, it's probably a better way to let the folks at Mozilla know about this:

(In reply to Mahdyar Hasanpour from comment #26)

You can also use the vote button, it's probably a better way to let the folks at Mozilla know about this:

I was going to ask how, but I found it. For anyone else wondering, scroll to the top and open the "Details" view.

That would be really awesome. I don't understand why it's not in place yet when all the competitors are doing it.

That would be a huge time saver!

We can't use MacOS + firefox in our company. Please fix this bug.

Firefox is the last standing independent browser against Chrome\Webkit
This feature is heavily used in corporate segment and by developers yet. If not implemented, it's enough for me to switch to Chrome back, cause inconvenience is huge to scarifies benefits of Firefox

Adding my voice to what everyone else has said. As someone responsible for infra and security at a major tech company, we're migrating away from replayable 2FA and to systems like Webauthn. Full support of platform authenticators is table stakes for a modern browser -- the fact that this issue is outstanding after 3 years reflects poorly on Mozilla's commitment to security.

(In reply to BlastFromPast from comment #34)

Adding my voice to what everyone else has said. As someone responsible for infra and security at a major tech company, we're migrating away from replayable 2FA and to systems like Webauthn. Full support of platform authenticators is table stakes for a modern browser -- the fact that this issue is outstanding after 3 years reflects poorly on Mozilla's commitment to security.

Agreed. For a company that is supposed to value privacy, I thought security went hand-in-hand and assumed it would be valued as well.
I would be happy to help out and write the code myself if I just knew how... I wish this could be prioritized and I'm not sure how it is still so low of a priority for Mozilla after 3 years.

I'm astounded that Firefox hasn't addressed this yet. SAML based 2fa has become ubiquitous in the corporate world. This deprives us of a biometric 2fa option on enterprise Macs. I've upvoted, but most people just shrug and change products when something like this doesn't work. It's terrible friction to have when trying to get companies to switch from Chrome.

Thank you for upgrading the priority of this! It is important to so many people, including me!

Without this feature I'm not able to use Firefox at work because I am not able to authenticate biometrically. I would love to be able to use Firefox again because I find it hard to live or work without the Tree Style Tabs plugin. Big high fives to the developer who figures this out!

Yes for sure! I wanted to use touch id from my MacBook, but it wasn't possible. With everything getting 2FA, I know this will be a really useful feature!

SoftU2F was previously proposed as a workaround, but it seems to no longer work due to macOS's many security changes in recent years. Does anyone currently have a workaround, or does no such alternative exist?

Also, is there any way the community can help implement this? If I knew how to, I would be happy to do so myself. However, for now, I am left feeling both a bit helpless and a bit hopeless. I wonder why this important feature – which has existed in both Safari and Chrome for years – has been paid such little attention by Mozilla, an organization supposedly committed to advancing privacy & security on the web.

I appreciate that Mozilla bumped the priority of this issue. Is there any hint of a timeline? Given the current threat environment (e.g. groups targeting Okta and weak MFA - https://blog.group-ib.com/0ktapus), this functionality is critical.

Webauthn based MFA is critical for the security of modern logins, especially too critical and highly privileged systems like SSO providers. The ability to easily deploy this at scale is dependent on utilizing hardware backed MFA. While external hardware backed security keys are probably the best option, the ability to use the onboard biometric security of a users computer makes deployment and use far easier for average users. Firefox is behind the curve on this and that's disappointing. Setup of Okta to use device based biometric hardware tokens is incredibly easy in Chromium based browsers, eg. https://mattslifebytes.com/2022/09/21/using-unbreakable-okta-mfa/. I'm glad to see the priority bump in this but that also was almost half a year ago and the ticket as a whole for the last 4 years, yet still no activity publicly.

It seems on some SSO login sites, administrators can set them up to require biometric login. That is the case for Twingate VPN for me. The problem is that I can no longer even use Firefox to login to those sites. Even worse, the popup that Firefox shows doesn't even indicate that biometric isn't supported and leaves the user guessing what the problem is. bug 1646274 is a good example of my user experience. The work around of using SoftU2F isn't feasible either since that project seems to have halted development three years ago.

Any idea where this sits on the roadmap and an expected completion? This has sat in what seems like limbo for years...

I feel the priority of this should be much higher. Reason:

1. Github allows touchID for logging in and many people are sure to use it as it's much more convenient (and secure) compared to the alternatives.
2. Lot of co's give their developers macbook, with all the latest models from the past couple of years having touchID.
3. Firefox's core users have historically been developers

Given these three facts it must be easy to see why not having this feature might push some of the core users to use alternate browsers.
Can someone re-evaluate and change the priority to P1 at least?

Sadly, even the most recent Chromium build on Mac does not support TouchID. So every dev with such a setup is driven into proprietary browsers - Safari and Chrome.

For an open source community product, this is a pretty much unacceptable situation.

Hi Dana,

Appreciate that this isn't the intent of this forum, however AFAIK there is no feature request forum that allows us to voice which features requests are most important to the customer, so this is sort of the proxy. If you have an alternative suggestion for how to best voice that opinion, happy to hear it, but emails/form submissions just disappear into the ether.

(In reply to bterps from comment #49)

Hi Dana,

Appreciate that this isn't the intent of this forum, however AFAIK there is no feature request forum that allows us to voice which features requests are most important to the customer, so this is sort of the proxy. If you have an alternative suggestion for how to best voice that opinion, happy to hear it, but emails/form submissions just disappear into the ether.

Seconding this - I am personally unaware of any other avenue through which to express my opinion. I would wager that a majority of the 149 people who voted for this issue and/or the tens of people who commented on it would agree.

https://connect.mozilla.org/ technically exists but so far as I’ve seen Mozilla has never acted on the feedback they’ve gathered there.

I know, this might not be the place for this comment, but I dont know a better place:
Adding TouchId + Webauthn Support is crucial for further usage of Firefox in our company. Everything is 2FA now, and most of it is going towards Fido2/Webauthn. With this feature, we are forced to use other browsers :-/

Please make it happen soon :-)