Resetting the FIDO2 Application on Your YubiKey or Security Key


Recommended steps before resetting

Resetting the FIDO2 application will effectively unregister your key with any accounts it was registered with using FIDO U2F or FIDO2. Because of this, we recommend following the steps below, prior to resetting.

 

  1. Determine which accounts will be affected by a reset (see below).
  2. For each of those accounts, log in, unregister the to-be-reset key, and then double-check that you are still able to log in and modify the account's 2FA settings (without the to-be-reset key).
    • This process can be made easier if you have more than one key registered with your accounts, which we recommend.

To determine which of your accounts will be affected by a FIDO reset:

 

  1. Search for each service your YubiKey is registered with in the Works With YubiKey Catalog.
  2. Under each service's listing, check the Security protocol support section for FIDO2/WebAuthn, Universal 2nd Factor (U2F), or similar. Any services that show these will be affected by a FIDO2 reset.
  3. Services that only list Yubico OTP, OATH-TOTP, etc., and do not include any of the aforementioned protocols should not be affected.

Resetting the FIDO2 application

 

Windows

(Recommended) Using Windows Settings

  1. Open the Settings application via the Start menu (gear icon) or other method.
  2. Navigate to Accounts > Sign-in options > Security Key, and click Manage.
  3. Follow the prompts in the window that appears, and then click the Reset button.
  4. Follow the prompts on-screen to complete resetting your YubiKey.

 

macOS/Linux

(Recommended) Using Google Chrome

  1. Open Google Chrome, and navigate to chrome://settings/securityKeys (paste this in your address bar and press Enter/Return/etc.).
    • If this does not work, you can instead open Chrome's Settings, and then navigate to Privacy and security > Privacy > Manage security keys.
  2. Click Reset your security key, and follow the prompts to complete the process.

 

Any desktop operating system

Using Yubico Authenticator

  1. Download and install Yubico Authenticator.
  2. Insert your YubiKey or Security Key into an available USB port on your computer.
  3. Open Yubico Authenticator.
  4. Skip this step if you have a YubiKey. If you are running Windows and have a Security Key, click Request access, then follow the prompts to elevate Yubico Authenticator*.
  5. Open the hamburger navigation menu at the top left, click the triple dot button next to your YubiKey, and click Factory reset. Click FIDO2.
  6. Skip this step if you have a Security Key. If you are running Windows, click Request access, then follow the prompts to elevate Yubico Authenticator*.
  7. In the top-right of the window, click Reset, and follow the prompts on-screen to complete the reset.

Using YubiKey Manager

  1. Download and install YubiKey Manager.
  2. Insert your YubiKey or Security Key into an available USB port on your computer.
  3. Open YubiKey Manager (if you are running Windows, the application must be run as administrator*).
  4. Navigate to ApplicationsFIDO2.
  5. Click Reset FIDO, then YES.
  6. Follow the prompts from YubiKey Manager to remove, re-insert, and touch your key.

*Access to FIDO authenticators in Windows using non-native Windows tools requires administrative permissions. This is why YubiKey Manager and Yubico Authenticator must be run as administrator to perform a FIDO reset, and why Yubico recommends resetting via Windows Settings on Windows.