Note: This article applies to the Security Key by Yubico and Security Key NFC, but not to the FIDO U2F Security Key, which cannot be reset. To identify which of these keys you have, follow steps 1-3 under Resetting the FIDO2 application, and check how YubiKey Manager identifies your key. If you have a FIDO U2F Security Key, you will need to manually "unregister" it from the services it is registered with; there is no way to reset it. Please keep in mind that resetting the FIPS module will COMPLETELY wipe the U2F Master key and will invalidate the FIPS validation.
Recommended steps before resetting
Resetting the FIDO2 application will effectively unregister your key with any accounts it was registered with using FIDO U2F or FIDO2. Because of this, we recommend following the steps below, prior to resetting.
- Determine which accounts will be affected by a reset (see below).
- For each of those accounts, log in, unregister the to-be-reset key, and then double-check that you are still able to log in and modify the account's 2FA settings (without the to-be-reset key).
- This process can be made easier if you have more than one key registered with your accounts, which we recommend.
To determine which of your accounts will be affected by a FIDO reset:
- Search for each service your YubiKey is registered with in the Works With YubiKey Catalog.
- Under each service's listing, check the Security protocol support section for FIDO2/WebAuthn, Universal 2nd Factor (U2F), or similar. Any services that show these will be affected by a FIDO2 reset.
- For instance, Google's listing in the WWYKC has both of these listed, indicating it would be affected by a reset.
- Services that only list Yubico OTP, OATH-TOTP, etc., and do not include any of the aforementioned protocols should not be affected.
- For instance, LastPass should not be affected by a FIDO2 reset, as only Yubico OTP is found under its listing in the catalog.
Resetting the FIDO2 application
- Download and install YubiKey Manager.
- Insert your YubiKey or Security Key to an available USB port on your computer.
- Open YubiKey Manager. If you are using Windows 10 you will need to run YubiKey Manager as administrator*.
- Navigate to Applications > FIDO2.
- Click Reset FIDO, then YES.
- Follow the prompts from YubiKey Manager to remove, re-insert, and touch your key.
*Due to underlying OS mechanics, when using Windows 10, YubiKey Manager needs to be run as administrator in order to access Applications > FIDO2 and/or to detect the Security Key Series keys.