diff --git a/src/Api/Vault/Controllers/SyncController.cs b/src/Api/Vault/Controllers/SyncController.cs
index ec9ab4f96dd8..5b85d7f6a5e3 100644
--- a/src/Api/Vault/Controllers/SyncController.cs
+++ b/src/Api/Vault/Controllers/SyncController.cs
@@ -1,4 +1,6 @@
 using Bit.Api.Vault.Models.Response;
+using Bit.Core;
+using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Enums.Provider;
@@ -8,6 +10,7 @@
 using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Core.Tools.Repositories;
+using Bit.Core.Vault.Models.Data;
 using Bit.Core.Vault.Repositories;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -28,6 +31,8 @@ public class SyncController : Controller
     private readonly IPolicyRepository _policyRepository;
     private readonly ISendRepository _sendRepository;
     private readonly GlobalSettings _globalSettings;
+    private readonly ICurrentContext _currentContext;
+    private readonly Version _fido2KeyCipherMinimumVersion = new Version(Constants.Fido2KeyCipherMinimumVersion);
 
     public SyncController(
         IUserService userService,
@@ -39,7 +44,8 @@ public SyncController(
         IProviderUserRepository providerUserRepository,
         IPolicyRepository policyRepository,
         ISendRepository sendRepository,
-        GlobalSettings globalSettings)
+        GlobalSettings globalSettings,
+        ICurrentContext currentContext)
     {
         _userService = userService;
         _folderRepository = folderRepository;
@@ -51,6 +57,7 @@ public SyncController(
         _policyRepository = policyRepository;
         _sendRepository = sendRepository;
         _globalSettings = globalSettings;
+        _currentContext = currentContext;
     }
 
     [HttpGet("")]
@@ -71,7 +78,8 @@ await _providerUserRepository.GetManyOrganizationDetailsByUserAsync(user.Id,
                 ProviderUserStatusType.Confirmed);
         var hasEnabledOrgs = organizationUserDetails.Any(o => o.Enabled);
         var folders = await _folderRepository.GetManyByUserIdAsync(user.Id);
-        var ciphers = await _cipherRepository.GetManyByUserIdAsync(user.Id, hasEnabledOrgs);
+        var allCiphers = await _cipherRepository.GetManyByUserIdAsync(user.Id, hasEnabledOrgs);
+        var ciphers = FilterFidoKeys(allCiphers);
         var sends = await _sendRepository.GetManyByUserIdAsync(user.Id);
 
         IEnumerable<CollectionDetails> collections = null;
@@ -92,4 +100,13 @@ await _providerUserRepository.GetManyOrganizationDetailsByUserAsync(user.Id,
             collectionCiphersGroupDict, excludeDomains, policies, sends);
         return response;
     }
+
+    private ICollection<CipherDetails> FilterFidoKeys(ICollection<CipherDetails> ciphers)
+    {
+        if (_currentContext.ClientVersion >= _fido2KeyCipherMinimumVersion)
+        {
+            return ciphers;
+        }
+        return ciphers.Where(c => c.Type != Core.Vault.Enums.CipherType.Fido2Key).ToList();
+    }
 }
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index 13273acdfbb9..3f4362dc12cd 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -19,6 +19,7 @@ public static class Constants
     /// their subscription has expired.
     /// </summary>
     public const int OrganizationSelfHostSubscriptionGracePeriodDays = 60;
+    public const string Fido2KeyCipherMinimumVersion = "2023.9.0";
 }
 
 public static class TokenPurposes