🟣FIDO2

An explanation of the PIN associated with the FIDO2 interface.

❊ FIDO2

FIDO2 is a technology / interface on your YubiKey. FIDO stands for Fast IDentity Online. It is included on ALL models of YubiKey.

It is a standard which enables you to log into applications without using passwords on both desktop and mobile environments. Instead of passwords, FIDO authentication uses registered devices / security keys to validate you.

FIDO2 key features include:

  • WebAuthn: A standard set of web APIs to allow passwordless authentication in browsers

  • CTAP2: Specification for the usage of physical keys and mobile authenticator apps to implement 2FA and passwordless authentication

You may be asking "If FIDO2 is passwordless, why am I being asked for a password with services like Microsoft or Google?"

A service might support devices like the YubiKey but not support going completely passwordless. Instead, the website will ask you to enter your username/email and password, and then you will be prompted to insert your YubiKey device as a secondary factor of authentication (2FA). This means that you need your username/email + password + YubiKey device.

Unfortunately, not all services support passwordless login yet.

FIDO2 PIN

The good news is that unlike GPG and PIV, with FIDO, you only have one PIN to remember. This is the PIN you will use when you attempt to sign into services like Google, Microsoft, Bitwarden, PayPal, etc.

There is no default FIDO PIN when you first get your YubiKey. It must be set up.

SET FIDO2 PIN

When launching YubiKey Manager, open the program with administrative permissions by right-clicking on the program and selecting Run as administrator.
