🟣FIDO2
An explanation of the PIN associated to the FIDO2 interface.
FIDO2 is a technology / interface on your Yubikey; FIDO stands for Fast IDentity Online. FIDO2 is included on ALL models of Yubikey.
It is a standard which enables you to log into applications without using passwords on both desktop and mobile environments. Instead of passwords, FIDO authentication uses registered devices / security keys to validate you.
FIDO2 is an extension of FIDO U2F, and offers the same high level of security based on public key cryptography. FIDO2 offers authentication options including single factor (passwordless), strong two factor (2FA), and multi-factor authentication (MFA).
FIDO2 key features include:
WebAuthn: A standard set of web APIs to allow passwordless authentication in browsers
CTAP2: Specification for the usage of physical keys and mobile authenticator apps to implement 2FA and passwordless authentication
You may be asking "If FIDO2 is passwordless, why am I being asked for a password with services like Microsoft or Google?"
A service might support devices like the Yubikey but not support going completely passwordless. Instead, the website will ask you to enter your username/email and password, and then you will be prompted to insert your Yubikey device as a secondary factor of authentication (2FA). This means that you need your username/email + password + Yubikey device.
Unfortunately, not all services support passwordless login yet.
At the time of writing this, Microsoft does support going passwordless. You can read about how to set this up here.
The good news is that unlike GPG and PIV, with FIDO, you only have one PIN to remember. This is the PIN you will use when you attempt to sign into services like Google, Microsoft, Bitwarden, PayPal, etc.
There is no default FIDO PIN when you first get your Yubikey. It must be set up.
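How a service can tell whether the FIDO2 PIN was actually entered, as an added example that is not part of the original page: WebAuthn authenticator data carries a User Present flag (touch) and a User Verified flag (PIN or biometric), and the service decides which of them it demands for 2FA versus passwordless login. The `mode` switch, the function names and the sample bytes are assumptions constructed for illustration, and the flags may only be trusted after the assertion signature has been verified, which is not shown here.

```python
import hashlib
import struct

UP = 0x01  # User Present: the key was touched
UV = 0x04  # User Verified: the authenticator checked a PIN or biometric


def parse_authenticator_data(data: bytes) -> dict:
    """Split the fixed 37-byte header of WebAuthn authenticator data."""
    if len(data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    # Layout: 32-byte SHA-256 of the RP ID, 1 flag byte, 4-byte big-endian counter.
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", data[:37])
    return {
        "rp_id_hash": rp_id_hash,
        "user_present": bool(flags & UP),
        "user_verified": bool(flags & UV),
        "sign_count": sign_count,
    }


def check_login(data: bytes, rp_id: str, mode: str) -> str:
    """Return "ok" or the reason the assertion must be rejected.

    mode is a hypothetical policy switch: "second_factor" (a password was
    already checked) or "passwordless" (the key is the only thing presented).
    Call this only after the assertion signature has been verified.
    """
    parsed = parse_authenticator_data(data)
    if parsed["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return "rp_id mismatch"
    if not parsed["user_present"]:
        return "user presence missing"
    if mode == "passwordless" and not parsed["user_verified"]:
        return "PIN not verified"
    return "ok"


def build_sample(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed test input, not captured from a real YubiKey."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)


if __name__ == "__main__":
    touch_only = build_sample("example.com", UP, 7)
    touch_and_pin = build_sample("example.com", UP | UV, 8)
    for mode in ("second_factor", "passwordless"):
        print(mode, check_login(touch_only, "example.com", mode),
              check_login(touch_and_pin, "example.com", mode))
```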
When launching YubiKey Manager, open the program with Administrative Permissions by right-clicking on the program and selecting Run as administrator.
A FIDO2 PIN can be set on a YubiKey with Yubico’s program YubiKey Manager.
Once loaded, navigate to Applications -> FIDO2 and click Set PIN or
You also have a button to Reset your FIDO2 PIN by selecting: