Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Setting a PIN cannot be undone #614

Open
xi opened this issue May 17, 2024 · 0 comments
Open

Setting a PIN cannot be undone #614

xi opened this issue May 17, 2024 · 0 comments

Comments

@xi
Copy link

xi commented May 17, 2024

  • YubiKey Manager (ykman) version: 4.0.9
  • YubiKey model and version: YubiKey 5 NFC

I can set a FIDO PIN by running ykman fido access change-pin. I can later change the PIN by running the same command again. But there is no way to remove the PIN again.

As far as I understand, this is a limitation of the CTAP protocol. Still, ykman should document that limitation. Specifically, it should:

  • Warn users that this action cannot be undone
  • Explain what exactly will happen, so users can make an informed decision if they want to do it anyway
  • Provide recovery options, e.g. explain how to use ykman fido reset and what other effects it has
@xi xi changed the title Setting a PIn cannot be undone Setting a PIN cannot be undone May 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

1 participant