Making Sure its you...from Brave Browser


I have a yubico key that I use to login to financial exchanges. I set up the security for 2fa inside those sites. all is good but now when i login to some of those sites I get Windows Security Splash Screen pops up Saying “Making sure its you. from Brave browser: Your Key looks unfamiliar please try another”. Or enter pin. I have never correlated a PIN to my yubico key so used my windows one, it didnt accept it now it says I have tried too many PINS and will not let me proceed. I tried a normal site(adalite.io) that requests connection to some hardware and the same screen comes up. So how do I get Brave browser to correlate with windows PIN and my key?

How can this issue be reproduced?

1.Find a site that requests a yubico key as 2FA, and set it up
2. have a PIN “Hello windows” set up on your PC.
3. When you login to the site Im sure youll get the splash screen

Expected result:

Brave Version( check About Brave):
Version 1.13.86 Chromium: 85.0.4183.102 (Official Build) (64-bit)
Additional Information:

I believe it to be a windows security issue that is checking to make sure you are you before it allows a site that deals with “sensitive financial” material to access your PC but the correlation between a yubico key and windows is irrelevant. Makes no sense to me as why do you need a key when your browser wont even let you get that far! :slight_smile:

Have you turned on any kind of VPN?

Yes I joined a vpn about a week. but I had the issue before and I have also tried doing it without the vpn on. same issue. Strange that two exchange sites do not give me any problems and accept the yubico key without any brave splash screen. The latest site, the first time I had been there, gave me issues however it was asking to connect to hardware attached to my PC but there was no yubico key related to that site or the hardware. Thats what makes me think its windows and browsers firing off a message if hardware needs to connect to a website. But that does not explain why it wont recognise the yubico when I try to log into an exchange. The exchange recogises the key as it is logged as a 2FA with them.
I do not use yuibco to log into the PC or any other programs on the PC except web based exchanges.
It seems that the message comes up just BEFORE I am about to press the yubico to login into a site, like it recognises that this site needs the key but the browser wants to make sure i am at the keyboard before it allows the site to see the key. The other weird thing is that I did get an email from the exchange site saying a successful login but I could not actually login??

I have since removed Hello PIN for PC login and returned to the passwrd method. I still get that message about too many incorrect login PINS so use another login method.

thank you for help!

1 Like

DO you think updating to the latest windows version 2004 , which I just got a message about would help?

I have windows 10 home ver 10.0.18363 build Has anyone used it yet and warnings?

To be honest, now i’ve read all that the only idea i have to this is, that the key itself is perhaps corrupted? Trough a magnetic field or so. Maybe you have a friend with a working key that can try to log in from your PC?

I see this is a serious issue and maybe this topic you can also post on https://meta.discourse.org/
to get more people involved to solv this problem. Good luck and stay frosty

Thank you for your time, I appreciate it. I will check out the discord and report back with any findings that might help others that come across the same or similar issues. Have a great day!!