Recommended steps before resetting
Resetting the FIDO2 application will effectively unregister your key
with any accounts it was registered with using FIDO U2F or FIDO2.
Because of this, we recommend following the steps below, prior to
resetting.
- Determine which accounts will be affected by a reset (see below).
- For each of those accounts, log in, unregister the to-be-reset key, and then double-check that you are still able to log in and modify the account's 2FA settings (without the to-be-reset key).
- This process can be made easier if you have more than one key registered with your accounts, which we recommend.
To determine which of your accounts will be affected by a FIDO reset:
- Search for each service your YubiKey is registered with in the Works With YubiKey Catalog.
- Under each service's listing, check the Security protocol support section for FIDO2/WebAuthn, Universal 2nd Factor (U2F), or similar. Any services that show these will be affected by a FIDO2 reset.
- For instance, Google's listing in the WWYKC has both of these listed, indicating it would be affected by a reset.
-
Services that only list Yubico OTP, OATH-TOTP, etc., and do not include any of the aforementioned protocols should not be affected.
- For instance, LastPass should not be affected by a FIDO2 reset, as only Yubico OTP is found under its listing in the catalog.
Resetting the FIDO2 application
Windows
(Recommended) Using Windows Settings
- Open the Settings application via the Start menu (gear icon) or other method.
- Navigate to Accounts > Sign-in options > Security Key, and click Manage.
- Follow the prompts in the window that appears, and then click the Reset button.
- Follow the prompts on-screen to complete resetting your YubiKey.
macOS/Linux
(Recommended) Using Google Chrome
- Open Google Chrome, and navigate to chrome://settings/securityKeys (paste this in your address bar and press Enter/Return/etc.).
- If this does not work, you can instead open Chrome's Settings, and then navigate to Privacy and security > Privacy > Manage security keys.
- Click Reset your security key, and follow the prompts to complete the process.
Any desktop operating system
Using Yubico Authenticator
- Download and install Yubico Authenticator.
- Insert your YubiKey or Security Key into an available USB port on your computer.
- Open Yubico Authenticator.
- Skip this step if you have a YubiKey. If you are running Windows and have a Security Key, click Request access, then follow the prompts to elevate Yubico Authenticator*.
- Open the hamburger navigation menu at the top left, click the triple dot button next to your YubiKey, and click Factory reset. Click FIDO2.
- Skip this step if you have a Security Key. If you are running Windows, click Request access, then follow the prompts to elevate Yubico Authenticator*.
- In the top-right of the window, click Reset, and follow the prompts on-screen to complete the reset.
Access to FIDO authenticators in Windows using non-native Windows
tools requires administrative permissions. This is why Yubico
Authenticator requires elevated permissions to perform a FIDO reset,
and why Yubico recommends resetting via Windows Settings on Windows.
Android
FIDO2 reset can be performed in Yubico Authenticator on Android if
the YubiKey / Security Key can be directly connected over USB-C or
scanned over NFC.
Using Yubico Authenticator (NFC)
- Download and install Yubico Authenticator from the Play Store.
- Open Yubico Authenticator.
- Hold your YubiKey against the Android device's NFC antenna to scan it.
- Tap the hamburger menu at the top left and tap Home.
- Tap the kebab menu () at the top right corner and select Factory reset.
- Tap FIDO2 and then tap Reset.
- Hold your YubiKey against the Android device's NFC antenna to scan it. The FIDO application is now reset.
Using Yubico Authenticator (USB-C)
- Download and install Yubico Authenticator.
- Open Yubico Authenticator.
- Insert your YubiKey into the USB-C port of your mobile device.
- From the home screen, tap the kebab menu () at the top right corner and select Factory reset.
- Tap FIDO2 and then tap Reset.
- Unplug your YubiKey when prompted.
- Reinsert your YubiKey.
- Touch the capacitive touch sensor on your YubiKey. The FIDO application is now reset.
iOS and iPadOS
FIDO2 reset can be performed in Yubico Authenticator on iOS
over NFC (if the YubiKey / Security Key model supports NFC
connectivity) or using a YubiKey 5Ci directly connected over the
Lightning connector (pre-5.7 firmware only). If you experience
issues performing a FIDO2 reset, Yubico recommends attempting reset
on a desktop operating system as an alternative. iOS does not
support FIDO2 reset when connected via USB-C connector due to
limitations in the environment.
Using Yubico Authenticator (NFC)
- Download and install Yubico Authenticator.
- Open Yubico Authenticator. If the Ready to Scan window appears, tap and hold your NFC-capable YubiKey to the NFC antenna (top rear of the iPhone). If it doesn't, swipe down from near the top of the iPhone screen to bring up the Ready to Scan window, and then tap your NFC-capable YubiKey to the NFC antenna (top rear of the iPhone).
- Tap the meatballs menu at the top right corner, and then tap Configuration.
- Swipe up on the iPhone screen to scroll down and tap Reset FIDO application.
- Tap Reset FIDO.
- Tap Reset.
-
When the Ready to scan window appears, tap and hold your NFC-capable YubiKey to the NFC antenna (top rear of the iPhone) until you see a checkmark confirming the FIDO application has been reset.
Using Yubico Authenticator (Lightning, YubiKey 5Ci pre-5.7 firmware)
- Download and install Yubico Authenticator.
- Insert your YubiKey 5Ci (pre-5.7 firmware) into an iOS/iPadOS device with a native Lightning connector (Lightning to USB-C adapters for newer iPhones will not work).
- Open Yubico Authenticator, tap the meatballs menu at the top right corner, and then tap Configuration.
- Tap Reset FIDO.
- Tap Reset.
- When prompted on screen, unplug your YubiKey 5Ci from the iPhone and then re-insert it.
-
To complete the reset process, tap the capacitive touch sensor on either side of the YubiKey 5Ci. Once the icon transforms into a green checkmark, the FIDO application has been reset.