⭕Understanding PINs

PINs can be a confusing aspect of a Yubikey. Here is a brief explanation of all the PINS associated to the Yubikey.

Review the various PINs below and ensure you have the correct device:

	PINs	Interfaces	Color
Security Series	1	FIDO2 (1)	Blue As of 2023, they now come in black.
5 Series	5	FIDO2 (1) GPG (2) PIV (2)	Black

PINs

Interfaces

Color

Security Series

FIDO2 (1)

Blue As of 2023, they now come in black.

5 Series

FIDO2 (1)

GPG (2)

PIV (2)

Black

If you are unsure if you have the Security Series device, or the 5 Series. Look at the back of the device near the USB PINs.

Device	Printed On Back of Key
Security Series	"FIDO"
5 NFC Series	8-9 digit number Barcode
5 FIPS Series	"FIPS" 8-9 digit number Barcode

Device

Printed On Back of Key

Security Series

"FIDO"

5 NFC Series

8-9 digit number Barcode

5 FIPS Series

"FIPS" 8-9 digit number Barcode

As of 2023, Yubico has announced an updated version of the Security Series keys which are now black and look almost identical to the Yubikey 5 Series keys.

Prior to 2023, the Security Series keys were blue.

For more information, view the official page.

Security Series

The Yubikey Security Series is Yubico's more affordable model security device which comes in at nearly half the price of the Yubikey 5. However, it comes with less features, and is primarily for FIDO2 / Webauthn. This device only has 1 PIN associated to the FIDO2 module. These keys do not include interfaces such as GPG, PIV, etc.

Interface	PINs	Brief Description
FIDO2	1 PIN	Authenticate with websites such as Microsoft, Google, Bitwarden, PayPal, etc.

Interface

PINs

Brief Description

FIDO2

1 PIN

Authenticate with websites such as Microsoft, Google, Bitwarden, PayPal, etc.

Yubikey 5 Series

The has several technologies (or interfaces) included. Each of those technologies do different things so that you have a wide variety of options on how to use your Yubikey.

In total, your Yubikey 5 has 5 PINs, 1 Management Key, and 1 Reset Code.

Interface PINs Brief Description

Interface	PINs	Brief Description
FIDO2	1 PIN	Authenticate with websites such as Microsoft, Google, Bitwarden, PayPal, etc. No default PIN This PIN is set the first time you link your Yubikey to a website or Windows.
GPG	2 PINs 1 Reset Code	Allows you to do tasks such as encrypting / decrypting files, sign Github commits, and also supports SSH. Defaults `User PIN:` 123456 `Admin PIN:` 12345678
PIV	2 PINs 1 Management Key	Do things like import x509 certificates / keypairs to your Yubikey. Can be used for services such as Bitlocker, Veracrypt, EFS, SSH, etc. Defaults `PIN:` 123456 `PUK:` 12345678

FIDO2

1 PIN

Authenticate with websites such as Microsoft, Google, Bitwarden, PayPal, etc. No default PIN This PIN is set the first time you link your Yubikey to a website or Windows.

GPG

2 PINs 1 Reset Code

Allows you to do tasks such as encrypting / decrypting files, sign Github commits, and also supports SSH. Defaults User PIN: 123456 Admin PIN: 12345678

PIV

2 PINs 1 Management Key

Do things like import x509 certificates / keypairs to your Yubikey. Can be used for services such as Bitlocker, Veracrypt, EFS, SSH, etc. Defaults PIN: 123456 PUK: 12345678

If you have no need for things like GPG or PIV, you may never even cross paths with these PINs. You might only want to just sign into websites, and if so, then you'll only ever be asked for your FIDO2 PIN.

Automatically assume that if you've never messed with GPG or PIV on your Yubikey and your device asks for a PIN, it will be asking for your FIDO2 pin.

Let's break down the different interface PINs. Click an interface below to learn about each one:

FIDO2

GPG

PIV

PreviousMysterious Certificates NextFIDO2

Last updated 1 year ago