YubiKey PIN: What It Is and How to Configure It with Yubico Authenticator
⚠️ YubiKey Manager GUI no longer has official support
Yubico removed the YubiKey Manager graphical interface in 2025. The recommended official alternative is Yubico Authenticator. This guide has been updated with the correct instructions for the current app.
The YubiKey PIN is the code that protects access to the credentials stored in your security key. It is not your account password — it is the password for the key itself. Without it, some services won't let you authenticate even if you have the YubiKey in your hand.
What is the YubiKey PIN?
When you register your YubiKey with a service like Gmail or Bitwarden, the key stores a credential inside its memory. The FIDO2 PIN protects access to those credentials — it acts as a second layer of security on top of the key itself.
The system asks for it in two situations: when you register the key for the first time with a service that requires it, and when the service requires additional verification before authenticating you.
What happens if you don't set it up?
It depends on the service. Many work without a PIN — you simply insert the key, touch the gold contact and you're done. But some services — especially corporate environments and certain password managers — require it. If you try to register the key without a PIN configured, the process fails.
ℹ️ Better to set it up from the beginning
Don't wait for a service to require it. Configuring the PIN before registering the key anywhere is the recommended practice — and it takes less than a minute.
How to set up the PIN step by step
The PIN is configured from Yubico Authenticator, Yubico's official app for managing the key from your computer.
Yubico Authenticator is available at yubico.com/products/yubico-authenticator and is compatible with Windows, macOS and Linux.
Yubico Authenticator automatically detects the key and displays the model in the left panel.
In the right panel you'll see the MANAGE section with the Set PIN option — FIDO PIN protection.
Choose a PIN you can remember. It can include letters and numbers. Write it down in a secure place — in your password manager or on paper stored in a physical location.
⚠️ Attempt limit — critical
If you enter the PIN incorrectly 8 times in a row, the FIDO2 module locks permanently. There is no recovery possible without doing a Factory reset, which deletes all registered credentials. Save the PIN from the start.
What PIN should you choose?
The FIDO2 PIN can be between 4 and 63 characters. It can include letters, numbers and special characters — it's not just numeric like a bank card PIN.
Choose something you can remember but that's not obvious. Don't use the same PIN as your email password or a simple sequence like 1234. A PIN of 8-12 characters with letters and numbers is secure enough for daily use.
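The rules above can be checked before you type a new PIN into the key. The following is an added example, not code from Yubico or from this guide; the names `check_pin` and `PinReport` are hypothetical. It assumes the CTAP2 specification's definition of the limits: the minimum is counted in characters after NFC normalization, while the maximum of 63 is counted in UTF-8 bytes, so accented or non-Latin characters use up the limit faster than plain ASCII.

```python
import unicodedata
from typing import Iterable, NamedTuple

MIN_CODE_POINTS = 4   # lower bound given in this guide
MAX_UTF8_BYTES = 63   # CTAP2 measures the upper bound in UTF-8 bytes


class PinReport(NamedTuple):
    errors: list   # the PIN should not be used
    advice: list   # usable, but weaker than this guide recommends


def _is_simple_run(pin: str) -> bool:
    """True for repeated or consecutive characters: 0000, 1234, dcba."""
    steps = {ord(b) - ord(a) for a, b in zip(pin, pin[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}


def check_pin(pin: str, other_secrets: Iterable[str] = ()) -> PinReport:
    """Check a candidate FIDO2 PIN against the rules in this section."""
    pin = unicodedata.normalize("NFC", pin)  # normalize before measuring
    errors, advice = [], []
    if len(pin) < MIN_CODE_POINTS:
        errors.append("too short")
    if len(pin.encode("utf-8")) > MAX_UTF8_BYTES:
        errors.append("too long")
    if _is_simple_run(pin):
        errors.append("simple sequence")
    if pin in set(other_secrets):  # e.g. the same string as an account password
        errors.append("reused secret")
    if len(pin) < 8:
        advice.append("use at least 8 characters")
    if not (any(c.isalpha() for c in pin) and any(c.isdigit() for c in pin)):
        advice.append("mix letters and numbers")
    return PinReport(errors, advice)


if __name__ == "__main__":
    # Constructed sample PINs for illustration, not real ones.
    for sample in ("1234", "blue-Kettle42", "\u00f1" * 31 + "ab"):
        print(repr(sample), check_pin(sample))
```

The third sample is only 33 characters long but encodes to 64 bytes, so it is rejected as too long.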
What if you forget the PIN?
If you exceed the attempt limit or simply can't remember the PIN, the only solution is to do a Factory reset from Yubico Authenticator — Home → Factory reset. This restores the key to factory settings and deletes all registered FIDO2 credentials.
After the reset you'll have to register the key again with all the services where you had it configured. This is why it's so important to save the PIN from the beginning.
⚠️ Without a saved PIN, reset is inevitable
A Factory reset is not the end of the world — the key will still work afterwards — but you'll have to repeat the registration process for each service. Save the PIN in your password manager right now.
FIDO2 PIN vs other YubiKey PINs
The YubiKey has several independent modules, each with its own PIN. For the basic user only the FIDO2 PIN matters — the others are for advanced or corporate uses.
| Module | What it's for | Do you need it? |
|---|---|---|
| FIDO2 | Passkeys, authentication on Gmail, GitHub, Bitwarden, etc. | ✅ Yes — basic user |
| PIV | Digital certificates, smart card, corporate access | ⚠️ Professional use only |
| OTP | One-time password when touching the gold contact | ❌ Rare in daily use |
Frequently asked questions
Is the YubiKey PIN the same as my password?
No. They are completely different things. Your password protects access to your account on a service. The YubiKey PIN protects access to the credentials stored inside the key. You can change one without affecting the other.
How many attempts do I have before it locks?
8 consecutive failed attempts lock the FIDO2 module permanently. There is no way to unlock it without doing a Factory reset, which deletes all registered credentials.
Can I change the PIN after setting it up?
Yes. In Yubico Authenticator → Passkeys → Set PIN you can change the PIN at any time. You'll need to enter your current PIN to be able to change it.
Do all YubiKey models have FIDO2 PIN?
Yes, all FIDO2-compatible models — YubiKey 5 NFC, YubiKey 5C NFC, Security Key NFC and Security Key C NFC — support FIDO2 PIN. Older U2F-only models do not support it.