Security in the digital world is something that you should take care of in advance. One of the most reliable ways to protect your accounts is to use hardware security keys, such as those from Yubico. They work according to the FIDO2 and U2F standards, which makes them an ideal tool for two-factor or even completely passwordless authentication.
However, to fully use the key, you may need to set a FIDO2 PIN. In this article, I will tell you how to properly set, change, or reset the FIDO2 PIN on Yubico security keys using a smartphone (Android or iOS).
❗ Important points before you start
Before setting or resetting the PIN on Yubico keys, there are a few important nuances to consider:
1. Resetting the PIN will affect all accounts where your key is registered via FIDO2 or U2F.
2. Make sure you have access to all accounts that use this key, and be prepared to set up your security on them again after the reset.
3. The PIN must be between 4 and 63 characters long. You can use letters and numbers. While some special characters are technically supported, Yubico recommends using only alphanumeric characters for compatibility with all services.
4. If you enter the PIN incorrectly three times in a row, the key will need to be reconnected before you can try again.
5. If you enter the PIN incorrectly eight times in a row, FIDO2 functionality will be blocked and the key will need to be reset.
6. You can choose not to set a PIN, but your key will be left without additional protection. Some services will still require you to set a PIN before registering your key.
7. If you don’t set a PIN and someone finds your key, they can view a list of services it’s registered to through the Yubico Authenticator app.
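Points 3 to 5 above, written out as a small Python model. This is an added illustration, not Yubico code: the names `check_pin` and `PinRetryModel` are made up for this example, and "letters and numbers" is assumed to mean ASCII letters and digits. It shows that reconnecting the key clears only the three-attempt counter, while the eight-attempt counter keeps running until the correct PIN is entered.

```python
import hmac
import string

ALNUM = set(string.ascii_letters + string.digits)

def check_pin(pin):
    """Return the problems with a candidate PIN (empty list = acceptable)."""
    problems = []
    if not 4 <= len(pin) <= 63:
        problems.append("length must be 4-63 characters")
    if any(ch not in ALNUM for ch in pin):
        problems.append("non-alphanumeric character (not recommended)")
    return problems

class PinRetryModel:
    """Illustrative model of the lockout rules in points 4 and 5."""
    MAX_PER_CONNECTION = 3  # wrong tries in a row before a reconnect is needed
    MAX_TOTAL = 8           # wrong tries in a row before FIDO2 is blocked

    def __init__(self, pin):
        if check_pin(pin):
            raise ValueError("; ".join(check_pin(pin)))
        self._pin = pin.encode()
        self.wrong_total = 0
        self.wrong_connection = 0

    def reconnect(self):
        # Reconnecting clears only the per-connection counter.
        self.wrong_connection = 0

    def _state(self):
        if self.wrong_total >= self.MAX_TOTAL:
            return "blocked"      # only a FIDO2 reset helps now
        if self.wrong_connection >= self.MAX_PER_CONNECTION:
            return "reconnect"    # key must be reconnected first
        return None

    def try_pin(self, guess):
        state = self._state()
        if state:                 # refused attempts are not counted
            return state
        if hmac.compare_digest(guess.encode(), self._pin):
            self.wrong_total = self.wrong_connection = 0
            return "ok"
        self.wrong_total += 1
        self.wrong_connection += 1
        return self._state() or "wrong"
```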
🔑 Which Yubico keys are these instructions suitable for?
These instructions are suitable for all modern Yubico security keys, including:
• YubiKey 5 Series (including 5 NFC, 5Ci, 5C and 5C Nano)
• YubiKey Bio Series (with biometrics support)
• Security Key Series (budget line without PGP and other advanced features)
📌 Please note! If you are using an iPhone, setting a PIN code is only possible via NFC or the Lightning connector (YubiKey 5Ci only, if its firmware is up to 5.7). On Android, the PIN code can be set via NFC or USB-C (if the key supports it).
📲 How to set or change a PIN code on a smartphone
The process of setting or changing a PIN code is very simple and takes only a few minutes.
1️⃣ Installing the Yubico Authenticator app
First, you need to download the official Yubico Authenticator app. This is a free app that is available in the App Store and Google Play.
📥 Download Yubico Authenticator
• For Android: Google Play
• For iOS: App Store
2️⃣ Launch the app and open settings
• Open Yubico Authenticator.
• Click on the three dots (⋮) in the upper right corner to open the menu.
• Select Configuration and scroll down the page.
• Find the Manage PIN item and click on it.
3️⃣ Connect the key
• On Android: hold the key up to an NFC reader or connect via USB-C.
• On iPhone: hold the key up to an NFC reader or connect via Lightning (only YubiKey 5Ci with firmware up to 5.7).
4️⃣ Set a new PIN
• Enter your current PIN (if you are changing it).
• Enter a new PIN and confirm it.
• Bring the key to your smartphone again or connect it via the connector.
🎉 Done! The PIN code has been changed.
🔄 How to reset the PIN code (Reset FIDO2)
If you have forgotten your PIN code or want to completely clear the key data, you can reset it.
⚠️ What happens after the reset?
Resetting the PIN code deletes all accounts registered via FIDO2/U2F!
You will not be able to log in to the accounts linked to the key until you set it up again.
🔄 PIN code reset procedure
1. Open Yubico Authenticator.
2. Click on the three dots (⋮) and select Configuration.
3. Scroll down and click Reset FIDO Application.
4. Follow the on-screen instructions.
5. After the reset, you can set a new PIN code according to the standard procedure.
💡 Tip: If you plan to re-register the key to your accounts, make sure you have backup login methods (password, backup codes, another key or 2FA).
✅ Conclusions
Changing or resetting the FIDO2 PIN on Yubico keys is quite simple; the main thing is to prepare properly so as not to lose access to important accounts.
If you have any questions, or are looking for a high-quality and secure hardware key - contact us! I will help you choose the best option for you.
🔐 Security is not an option, but a necessity!