A knowledge base article about First-party Isolation (FPI) in Firefox breaks Duo two-step validation with security keys provided by the UC Berkeley IT Service Hub - Knowledge Portal
When using Firefox's first-party isolation setting (privacy.firstparty.isolate=true) CalNet 2-step may not work with your security key. You will need to disable FPI to login using CalNet 2-step with your U2F device; otherwise you can use push or other supported methods. This affects U2F and FIDO devices such as YubiKey and Trezor.