When using a YubiKey with your Casa Vault, there are specific requirements and restrictions to ensure smooth functionality. This guide will help you troubleshoot common issues.
YubiKey Firmware Requirements
• Firmware Version: Ensure your YubiKey has firmware version 5.5 or higher. If your firmware is outdated, you won't be able to use it as a Vault key. You'll need to get a new one.
Browser and Device Compatibility
• Chrome Browser: All signing actions with a YubiKey (e.g., adding a key to a vault, performing a health check, signing transactions) must be done using the Chrome browser.
• Desktop Only: These actions must be performed on the Desktop version of Chrome, not the mobile version. Attempting to use a mobile device will result in errors.
Using YubiKey in your Vaults
• Multiple YubiKeys: You can use multiple YubiKeys in a single vault. For example, you can have YubiKey A as your HOME key and YubiKey B as your OFFICE key.
• Single YubiKey Roles: You cannot use the same YubiKey for multiple roles within the same vault. For instance, YubiKey A cannot be both the HOME and OFFICE key in the same vault.
• Multiple Vaults: The same YubiKey can be used across multiple vaults. For example, YubiKey A can be a key in both a 3-key vault (3KV) and a 5-key vault (5KV).
YubiKey for Passkey 2FA Login and Vault Key
• Distinct Uses: A YubiKey cannot be used as both your passkey 2FA for login AND as a key in a vault. Casa intentionally blocks a YubiKey from being used for both authentication and signing for enhanced security.
Troubleshooting Steps
1. If you get the "Check Firmware Version" screen: Ensure your YubiKey firmware is 5.5 or higher. If your firmware version is below 5.5, you will need a new YubiKey.
2. Use Chrome Browser: Make sure you are using the Chrome browser on a desktop or laptop computer.
3. Review YubiKey Assignments: Verify that you are not trying to assign the same YubiKey to multiple roles in the same vault.
4. Separate 2FA and Vault Keys: Ensure you are not trying to use a YubiKey for both 2FA login and as a vault key.
5. If shown a list of Passkeys, choose the email that belongs to the account. If you previously had a vault key or keys on a YubiKey and then deleted one or more of them, it's possible when doing a health check or signing a transaction, a list of multiple passkeys will open. Select the passkey that displays the email for your account, then continue.
6. Make sure "FIDO2" is toggled ON in your Yubico Authenticator app. If it's turned off, set up will fail.
By following these guidelines, you can ensure that your YubiKey functions correctly with your Casa Vault. If you encounter any issues, double-check the steps above or contact support for further assistance.