Using the YubiKey Manager GUI — YubiKey Manager (ykman) CLI and GUI Guide documentation (2024)

Table of Contents
Launch YubiKey Manager GUI Windows Launch MacOS Launch View YubiKey Firmware Version Managing Applications View Available Interfaces View YubiKey Enabled Applications Enable and Disable Applications Locking Configure YubiKey Slot on YubiKey Resetting FIDO2 Function FAQs References
  • Using the YubiKey Manager GUI
  • View page source

The Yubico Authenticator is a quick, convenient way to find out what firmware your YubiKey has and/or to reset it - unless you prefer to use ykman (CLI), which is less powerful. If you are using the YubiKey Manager and do not find what you want in it, check to see if ykman (the CLI) has it.

Launch YubiKey Manager GUI

To launch YubiKey Manager follow the steps for your platform below.

Windows Launch

  1. Open the Start menu panel, locate and click the YubiKey Manager app.

    See Also
    Security Advisory YSA-2024-03

  2. Optionally, right-click the YubiKey Manager icon and select, Pin to Start or Pin to taskbar.

MacOS Launch

  1. Open Launchpad, locate and click the YubiKey Manager icon.

  2. Optionally, right-click the YubiKey Manager icon in the task bar and select Options > Keep in Dock.

View YubiKey Firmware Version

  1. Launch the YubiKey Manager, GUI version.

  2. At the YubiKey Manager prompt, insert your YubiKey and touch.

    If your YubiKey is already connected, the YubiKey Manager Home tab is displayed.

    Note that the tool only reads a single YubiKey at a time, so if you have multiple keys connected, it might not be evident which one YubiKey Manager is identifying.

  3. View the listed YubiKey firmware version.

    When your YubiKey credential is accepted YubiKey Manager opens the Home tab and lists the accepted YubiKey firmware:

    • YubiKey series (e.g., YubiKey 5)
    • Firmware (e.g., 5.4.X)
    • Images of the various form factors within that series.

Managing Applications

YubiKey Manager can be used to check which applications are enabled on which interface and to enable or disable each application on each physical interface.

View Available Interfaces

The Interfaces tab displays your key’s form factor (for example, USB), and the interfaces it has. Use the Interfaces tab to configure what is available on that key. For example, you can disable the interfaces/applications by deselecting the respective checkboxes.

View YubiKey Enabled Applications

  1. Launch the YubiKey Manager, GUI version.

  2. Insert the YubiKey whose applications you want to manage.

  3. View available applications. Select the Applications tab.

Enable and Disable Applications

  1. Launch the YubiKey Manager, GUI version.

  2. Insert the YubiKey whose applications you want to manage.

  3. View available applications. Select the Interfaces tab.

    A checkbox with a tick is shown next to each enabled applications.

  4. Enable to disable applications for the YubiKey.

    1. Select the checkbox to enable an application.
    2. Unselect the checkbox to disable an application.
    3. Click Save Interfaces.

Note

For the YubiKey 5Ci, any modifications made to the applications over the USB interface also apply to the applications over Lightning®.

Locking

Once the desired applications have been selected, a lock code can be set to prevent changes to the set of enabled applications. This is done using the ykman CLI ykman config set-lock-code. The lock code is 16 bytes presented as 32 hex characters. For more information, see ykman config set-lock-code [OPTIONS].

Configure YubiKey Slot on YubiKey

  1. Launch the YubiKey Manager, GUI version.

  2. Insert the YubiKey whose applications you want to manage.

  3. Select application to configure.

    1. Select the Applications tab.
    2. Select from the displayed list of applications.

  4. Select the YubiKey slot to configure. Click the slot Configure button.

  5. Complete the configuration options. These are specific to each application type.

Resetting FIDO2 Function

Resetting the key is not the same as unblocking it. Because resetting the FIDO2 function returns the key to its beginning state when it has no PIN, you must set a new PIN and enroll the key again after resetting it.

  1. Remove your YubiKey if it is still connected to your machine, then launch ykman and insert your key.

  2. Click on the word Applications at the top of that tab. A list of menu options appears. The specific options depend on the key.

  3. Select FIDO2. The FIDO2 page appears.

  4. Click the Reset FIDO button. The Reset FIDO confirmation popup appears.

  5. Click Yes. Everything on the key is removed: the PIN (if set) is deleted. The Remove and re-insert your YubiKey! prompt appears.

  6. Remove and re-insert your YubiKey. The Touch your YubiKey prompt appears, and the green LED flashes.

  7. Touch your YubiKey. The message “FIDO applications have been reset” appears at the bottom of the Applications page.

  8. Remove the key in preparation for re-enrolling it.

Click for Yubico Support.

Cookies | Privacy Policy

Using the YubiKey Manager GUI — YubiKey Manager (ykman) CLI and GUI Guide documentation (2024)

FAQs

What is the difference between Yubico PIV tool and Ykman? ›

Built on the C ykpiv library, the PIV-Tool provides a CLI to access all of the functionality supported on the PIV function of the YubiKey. While PIV-Tool allows for the CLI to be used as part of a scripted process, the lack of support beyond the PIV functions means that it is less script-friendly than ykman.

View More
What does YubiKey Manager do? ›

Use the YubiKey Manager to configure FIDO2, OTP and PIV functionality on your YubiKey on Windows, macOS, and Linux operating systems. The tool works with any currently supported YubiKey. You can also use the tool to check the type and firmware of a YubiKey.

Discover More
How does a YubiKey show up in Device Manager? ›

Connect your YubiKey to your computer. Open up Device Manager. Locate the YubiKey smart card entry - it will be labeled Identity Device (NIST SP 800-73 [PIV]).

Read More
How to reset YubiKey from command line? ›

Option 2 - Using YubiKey Manager CLI
  1. Download and install YubiKey Manager.
  2. Open Command Prompt as Administrator (Windows) or Terminal (Mac / Linux).
  3. Run: ykman piv reset.
  4. When prompted, press Y and then Enter to confirm the reset.
May 7, 2020

Read More
Can I use 2 different YubiKeys? ›

Lastpass, for example, allows you to add five YubiKeys per account. Check your service's security settings for more info. Q: Should my spare key be the exact same as my primary key? A: Nope, this is not necessary.

Find Out More
Why is Yubico so expensive? ›

It is costly to design, mould, manufacture, sell and support a hardware product, even something as small as this. Since you don't want your 2FA company to go out of business there is good value in knowing they have a stable business model that can actually support a company rather than just burning capital.

Find Out More
How do I use my YubiKey for the first time? ›

How to set up your YubiKey
  1. Plug in your YubiKey.
  2. Go to Yubico.com/setup and click your device.
  3. In the Compatible accounts and services section, browse the list of supported apps and services, and select the ones you want to secure with your device.
  4. Your selection will appear in a list next to the available apps.
Nov 27, 2023

Explore More
Can someone else use my YubiKey? ›

So if one is lost or broken then I still have another to log into sites. As for theft, if you're using your yubikey as a 2nd factor then they still can't log in because they don't know your password. If you're using your yubikey as both factors then it either has a PIN or biometrics, so the thief can't log in.

Read More
Can you use YubiKey for everything? ›

How it works. A single YubiKey has multiple functions for securing your login to email, online services, apps, computers, and even physical spaces. Use any YubiKey feature, or use them all.

Know More
What is the default PIN for YubiKey manager? ›

General information. The default PIN code is 123456. The default PUK code is 12345678. The default 3DES management key (9B) is 010203040506070801020304050607080102030405060708.

Get More Info Here

How do I know if my YubiKey is working? ›

Testing the Credential
  • Insert the YubiKey into the computer.
  • Click the Yubico OTP button. The following screen, "Test your YubiKey with Yubico OTP" shows the cursor blinking in the Yubico OTP field.
  • Tap the metal button or contact on the YubiKey. The OTP appears in the Yubico OTP field. ...
  • Click Validate.
May 7, 2020

See More
What is the factory reset PIN for YubiKey? ›

Windows
  1. Press CRTL-ALT-DELETE on your keyboard.
  2. Select Change a password.
  3. Click on Sign-in options.
  4. Select the smart card icon.
  5. Verify that you receive the message, ”Yubico Yubikey 4 OTP+U2F+CCID 0)".
  6. Change your PIN. 6.1 Enter Current PIN. 6.2 Enter New PIN (6 to 8 alphabetic or numeric characters). ...
  7. Click OK.

Read On
Can I reprogram a YubiKey? ›

It is possible to reset the U2F application on version 4 FIPS series YubiKeys. A reset will replace the U2F key along with the attestation key and its cert. It will also remove the PIN requirement, if there is one. In other words, it will reset the U2F application to factory default settings.

View Details
How to fully reset YubiKey? ›

Unplug the YubiKey once and then plug it back in via the USB port. Touch the YubiKey on the sensor (golden area) twice within 10 seconds to confirm the reset. The YubiKey has been successfully reset. Afterwards, if necessary, you can set a new PIN again using the Security Key PIN function.

View Details
What is Yubico PIV? ›

The Yubico PIV tool is used for interacting with the Personal Identity Verification (PIV) application on a YubiKey.

Find Out More
What is the difference between YubiKey FIDO2 and PIV? ›

FIDO2 vs PIV

FIDO2 is fundamentally different than PIV because it was designed provide a way to deploy hardware/cryptography-based MFA to massive amounts of users. Whereas a large PIV deployment may be 1 million, FIDO2 is designed to be unlimited.

Find Out More
What is the difference between PIV and WPIV? ›

The indicator mechanism is identical to that of the PIV. The differences are that the WPIV operates a valve inside the building rather than underground, the postindicator is bolted to the wall instead of to the top flange of the valve, and the postindicator is equipped with a handwheel rather than a locking wrench.

Get More Info Here
Which Yubico key is best? ›

The Yubikey Security Key C NFC is our top pick for most people. It features excellent build quality, and its USB-C connector means it works on just about every new device. It also has NFC support, which lets it authenticate on mobile devices that lack a USB port.

Tell Me More

References

Top Articles
24 Crazy Delicious Recipes That Are Super Low-Carb
Best Garlic Herb Butter Recipe - Evolving Table
Brett Cooper Wikifeet
Orange County's diverse vegan Mexican food movement gains momentum
Ippa 番号
Scoped Courses - Bruiser Industries
William Spencer Funeral Home Portland Indiana
Kitchen Song Singer Violet Crossword
Northwell.myexperience
Las Mejores Tiendas Online en Estados Unidos - Aerobox Argentina
Martimelons
Belle Fourche Landfill
Rick Harrison Daughter Ciana
My Eschedule Greatpeople Me
New Jersey Map | Map of New Jersey | NJ Map
Clarksville.craigslist
Tiffin Ohio Craigslist
Publix Store 1304
Amanda Bellaci
Magicseaweed Capitola
Rufus Rhett Bosarge
Excuse Me This Is My Room Comic
Gw2 Titles
What is a Nutmeg in Soccer? (Explained!) - Soccer Knowledge Hub
Sunset On November 5 2023
Meineke Pacific Beach
Dom's Westgate Pizza Photos
Eros Cherry Hill
Pokio.io
Courtney Callaway Matthew Boynton
Theatervoorstellingen in Roosendaal, het complete aanbod.
Diminutiv: Definition, Bedeutung und Beispiele
Best Upscale Restaurants In Denver
Rainfall Map Oklahoma
Pho Outdoor Seating Near Me
Pixel Run 3D Unblocked
80 For Brady Showtimes Near Brenden Theatres Kingman 4
Exterior Ballistics Calculator
La Monja 2 Pelicula Completa Tokyvideo
Re/Max Houses For Sale
Delta Incoming Flights Msp
Fandafia
Viewfinder Mangabuddy
Meg 2: The Trench Showtimes Near Phoenix Theatres Laurel Park
Matt Laubhan Salary
Slmd Skincare Appointment
1984 Argo JM16 GTP for sale by owner - Holland, MI - craigslist
Legend Of Krystal Forums
424-385-0597 phone is mostly reported for Text Message!
Skip The Games Mil
The Eye Doctors North Topeka
Konami announces TGS 2024 lineup, schedule
Latest Posts
25 Delicious Keto Sauces Recipes for Chicken, Steak, and More!
Easy Cashew Curry (A Plant Based Recipe) - Savory Spin
Article information

Author: Ray Christiansen

Last Updated:

Views: 5620

Rating: 4.9 / 5 (69 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Ray Christiansen

Birthday: 1998-05-04

Address: Apt. 814 34339 Sauer Islands, Hirtheville, GA 02446-8771

Phone: +337636892828

Job: Lead Hospitality Designer

Hobby: Urban exploration, Tai chi, Lockpicking, Fashion, Gunsmithing, Pottery, Geocaching

Introduction: My name is Ray Christiansen, I am a fair, good, cute, gentle, vast, glamorous, excited person who loves writing and wants to share my knowledge and understanding with you.