⭕Understanding PINs
PINs can be a confusing aspect of a Yubikey. Here is a brief explanation of all the PINS associated to the Yubikey.
Last updated
PINs can be a confusing aspect of a Yubikey. Here is a brief explanation of all the PINS associated to the Yubikey.
Last updated
Review the various PINs below and ensure you have the correct device:
1
FIDO2 (1)
Blue As of 2023, they now come in black.
5
FIDO2 (1)
GPG (2)
PIV (2)
Black
If you are unsure if you have the Security Series device, or the 5 Series. Look at the back of the device near the USB PINs.
"FIDO"
8-9 digit number Barcode
"FIPS" 8-9 digit number Barcode
As of 2023, Yubico has announced an updated version of the Security Series keys which are now black and look almost identical to the Yubikey 5 Series keys.
Prior to 2023, the Security Series keys were blue.
1 PIN
Authenticate with websites such as Microsoft, Google, Bitwarden, PayPal, etc.
In total, your Yubikey 5 has 5 PINs, 1 Management Key, and 1 Reset Code.
1 PIN
Authenticate with websites such as Microsoft, Google, Bitwarden, PayPal, etc. No default PIN This PIN is set the first time you link your Yubikey to a website or Windows.
2 PINs 1 Reset Code
Allows you to do tasks such as encrypting / decrypting files, sign Github commits, and also supports SSH.
Defaults
User PIN: 123456
Admin PIN: 12345678
2 PINs 1 Management Key
Do things like import x509 certificates / keypairs to your Yubikey. Can be used for services such as Bitlocker, Veracrypt, EFS, SSH, etc.
Defaults
PIN: 123456
PUK: 12345678
If you have no need for things like GPG or PIV, you may never even cross paths with these PINs. You might only want to just sign into websites, and if so, then you'll only ever be asked for your FIDO2 PIN.
Automatically assume that if you've never messed with GPG or PIV on your Yubikey and your device asks for a PIN, it will be asking for your FIDO2 pin.
Let's break down the different interface PINs. Click an interface below to learn about each one:
The Yubikey Security Series is Yubico's more affordable model security device which comes in at nearly half the price of the Yubikey 5. However, it comes with less features, and is primarily for FIDO2 / Webauthn. This device only has 1 PIN associated to the FIDO2 module. These keys do not include interfaces such as GPG, PIV, etc.
The has several technologies (or interfaces) included. Each of those technologies do different things so that you have a wide variety of options on how to use your Yubikey.
